4 matches found
DEBIAN-CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...
DEBIAN-CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection...
PT-2020-5768 · Yaws +1 · Yaws +1
Name of the Vulnerable Software and Affected Versions: Yaws versions 1.81 through 2.0.7 Description: The issue is related to the CGI implementation in the Yaws web server, which is associated with incorrect cleaning of CGI requests. This can allow a remote attacker to access confidential data,...
PT-2020-5795 · Yaws +1 · Yaws Webserver +1
Name of the Vulnerable Software and Affected Versions: Yaws web server versions 1.81 through 2.0.7 Description: The issue is related to the implementation of WebDAV in the Yaws web server, which is vulnerable to XXE injection. This could allow a remote attacker to access confidential data,...