4561 matches found
CVE-2009-4488
Varnish 2.0.6 is affected by CVE-2009-4488: it writes to a log file without sanitizing non-printable characters, which could let remote attackers modify a window title or potentially execute arbitrary commands or overwrite files via an HTTP request containing an escape sequence for a terminal emu...
CVE-2009-4495
CVE-2009-4495 affects Yaws 1.85, where log writes sanitize non-printable characters incorrectly, enabling a remote attacker to exploit an HTTP request containing a terminal-escape sequence to alter a window title or potentially execute arbitrary commands or overwrite files. The OpenVAS entry expl...
CVE-2009-4490
CVE-2009-4490 affects mini_httpd 1.19. The flaw: logging non-printable characters without sanitization may let a remote attacker craft an HTTP request with an escape sequence to modify a window title and potentially execute arbitrary code or overwrite files. The Gentoo advisory GLSA 201206-27 des...
CVE-2009-4489
CVE-2009-4489 (Cherokee): Cherokee 0.99.32 and earlier fails to sanitize non-printable characters in log files, allowing an HTTP request with escape sequences to modify a window title or potentially execute commands/overwrite files. The issue is a log-escape vulnerability affecting Cherokee and ...
CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4496
Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4493
CVE-2009-4493 affects Orion Application Server 2.0.7. The vulnerability arises from writing to logs without sanitizing non-printable characters, enabling an attacker to send an HTTP request containing terminal escape sequences that could modify a window title or, in the worst case, execute arbitr...
CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4496
CVE-2009-4496 affects the Boa web server (Boa 0.94.14 rc21 in the Fedora/NASL/OpenVAS references), where HTTP logs are written without sanitizing non-printable characters. The connected document notes that this could allow remote attackers to exploit escape sequences in a request to manip...
CVE-2009-4488
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendo...
CVE-2009-4494
Removed by vendor...
CVE-2009-4487
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4491
thttpd 2.25b0 logs data without sanitizing non‑printable characters, potentially allowing a remote attacker to modify a window title or execute commands/overwrite files via an HTTP request with a terminal-escape sequence. Root cause is unfiltered log output. No specific patch/version fix is detai...
PT-2010-1345
Name of the Vulnerable Software and Affected Versions: nginx version 0.7.64 Description: The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is becaus...
CVE-2009-4491
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
PT-2010-1346 · Varnish +1
Name of the Vulnerable Software and Affected Versions: Varnish version 2.0.6 Description: The issue arises from Varnish writing data to a log file without sanitizing non-printable characters. This could potentially allow remote attackers to modify a window's title or possibly execute arbitrary...