CVE-2009-4496

Published: 13/01/2010 Updated: 10/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Boa 0.94.14rc21 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
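
An added example, not Boa's code or part of the original entry: one way to neutralise the issue described in the summary is to escape every non-printable byte before a request-derived string reaches the log file. `log_escape` is a hypothetical helper name, and the sample request is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a Boa function): copy `src` into `dst`, replacing
 * every byte that is not printable ASCII, plus the backslash itself, with a
 * \xHH escape so the log line stays unambiguous and inert in a terminal.
 * Returns the number of bytes written (excluding the NUL), or (size_t)-1 if
 * dst is too small; dst is always NUL-terminated when dst_len > 0. */
size_t log_escape(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dst_len == 0)
        return (size_t)-1;
    for (size_t i = 0; i < src_len; i++) {
        unsigned char c = (unsigned char)src[i];
        int printable = (c >= 0x20 && c <= 0x7e && c != '\\');
        size_t need = printable ? 1 : 4;

        if (o + need >= dst_len) {      /* keep room for the NUL */
            dst[o] = '\0';
            return (size_t)-1;
        }
        if (printable) {
            dst[o++] = (char)c;
        } else {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a request path carrying an ESC ... BEL terminal
     * control sequence of the kind the summary refers to. */
    const char req[] = "/a\x1b]0;t\x07";
    char line[64];
    if (log_escape(line, sizeof line, req, sizeof req - 1) != (size_t)-1)
        printf("request: \"%s\"\n", line);
    return 0;
}
```

Escaping the backslash as well keeps the encoding reversible, so an analyst reading the log can tell a literal `\x1b` in a request from an escaped control byte.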

Vulnerable Product

boa boa 0.94.14rc21

Exploits

source: www.securityfocus.com/bid/37718/info. Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Boa Webserver 0.94.14rc21 is vulnerable; other versions may also be affected. curl ...
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities ...

Github Repositories

Boa 0.94.13: Boa is a simple and lightweight HTTP server which is occasionally still found in embedded firmware images for serving CGI scripts, files, and more. 0.94.13 is the last stable version, and was released in 2002. Known Vulnerabilities, Unfixed: CVE-2009-4496 - Discovered by the ush.it team: Boa's error logs in 0.94.13 (and likely earlier) through 0.94.14-rc21 do