BUGTRAQSECURITYVULNS:VULN:10511

HistoryJan 12, 2010 - 12:00 a.m.

Multiple applications log files terminal control characters injections

2010-01-1200:00:00

BUGTRAQ

vulners.com

ESC-sequences filtering is not performed.

CPENameOperatorVersion
cherokeeeq0.99
mini_httpdeq1.19
yawseq1.85
webrickeq1.3
orioneq2.0
thttpdeq2.25
boaeq0.94
varnisheq2.0
nginxeq0.7
aolservereq4.5

Name	Operator	Version
cherokee	eq	0.99
mini_httpd	eq	1.19
yaws	eq	1.85
webrick	eq	1.3
orion	eq	2.0
thttpd	eq	2.25
boa	eq	0.94
varnish	eq	2.0
nginx	eq	0.7
aolserver	eq	4.5

References

vulners.com/securityvulns/securityvulns:doc:23029

packetstorm 2

securityvulns 1

openvas 48

cve 10

ubuntucve 9

prion 10

fedora 6

debiancve 5

cbl_mariner 1

nessus 19

gentoo 2

nginx 1

veracode 1

osv 1

github 1

rubygems 1

ubuntu 1

mmpc 1

mssecure 1

oraclelinux 2

centos 2

redhat 2

packetstorm

Nginx, Varnish, Cherokee, etc Log Injection

2010-01-11 00:00:00

m-privacy TightGate-Pro Code Execution / Insecure Permissions

2023-11-28 00:00:00

securityvulns

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

2010-01-12 00:00:00

openvas

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

2010-01-13 00:00:00

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

2010-01-13 00:00:00

Gentoo Security Advisory GLSA 201206-27 (mini_httpd)

2012-08-10 00:00:00

cve

CVE-2009-4490

2010-01-13 20:30:00

CVE-2009-4493

2010-01-13 20:30:00

CVE-2009-4496

2010-01-13 20:30:00

ubuntucve

CVE-2009-4490

2010-01-13 00:00:00

CVE-2009-4495

2010-01-13 00:00:00

CVE-2009-4496

2010-01-13 00:00:00

prion

Design/Logic Flaw

2010-01-13 20:30:00

Design/Logic Flaw

2010-01-13 20:30:00

Design/Logic Flaw

2010-01-13 20:30:00

fedora

[SECURITY] Fedora 12 Update: boa-0.94.14-0.15.rc21.fc12

2010-05-12 17:55:34

[SECURITY] Fedora 11 Update: boa-0.94.14-0.15.rc21.fc11

2010-05-12 17:56:06

[SECURITY] Fedora 13 Update: boa-0.94.14-0.15.rc21.fc13

2010-05-12 17:58:02

debiancve

CVE-2009-4495

2010-01-13 20:30:00

CVE-2009-4488

2010-01-13 20:30:00

CVE-2009-4490

2010-01-13 20:30:00

cbl_mariner

CVE-2009-4487 affecting package nginx 1.16.1-4

2020-11-30 19:30:40

nessus

GLSA-201206-27 : mini_httpd: Arbitrary code execution

2012-06-25 00:00:00

Fedora 13 : boa-0.94.14-0.15.rc21.fc13 (2010-7599)

2010-07-01 00:00:00

Fedora 12 : ruby-1.8.6.383-6.fc12 (2010-0530)

2010-07-01 00:00:00

gentoo

mini_httpd: Arbitrary code execution

2012-06-24 00:00:00

Ruby: Terminal Control Character Injection

2010-01-14 00:00:00

nginx

An error log data are not sanitized

2010-01-13 20:30:00

veracode

Privilege Escalation

2020-04-10 00:59:03

osv

WEBrick Improper Input Validation vulnerability

2017-10-24 18:33:38

github

WEBrick Improper Input Validation vulnerability

2017-10-24 18:33:38

rubygems

CVE-2009-4492 ruby WEBrick log escape sequence

2010-01-09 21:00:00

ubuntu

Ruby vulnerabilities

2010-02-16 00:00:00

mmpc

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

2022-11-22 17:00:00

mssecure

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

2022-11-22 17:00:00

oraclelinux

ruby security update

2011-06-28 00:00:00

ruby security update

2011-06-28 00:00:00

centos

irb, ruby security update

2011-08-14 21:12:51

ruby security update

2011-06-30 16:28:46

redhat

(RHSA-2011:0908) Moderate: ruby security update

2011-06-28 00:00:00

(RHSA-2011:0909) Moderate: ruby security update

2011-06-28 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

Multiple applications log files terminal control characters injections

References

Related