Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability

Bugtraq ID: 37718
Class: Input Validation Error
CVE: CVE-2009-4496
Remote: Yes
Local: No
Published: Jan 11 2010 12:00AM
Updated: May 12 2010 07:11PM
Credit: Giovanni 'evilaliv3' Pellerano, Alessandro 'jekil' Tanasi, and Francesco 'ascii' Ongaro
Vulnerable: Red Hat Fedora 13
Red Hat Fedora 12
Red Hat Fedora 11
Boa Webserver 0.94.14 rc21
Boa Webserver 0.94.8 .3-1
+ Debian Linux 2.2
+ Debian Linux 2.1
Boa Webserver 0.94.8 .2
+ Debian Linux 2.2
+ Debian Linux 2.1
Boa Webserver 0.93.15
+ AIPTEK NETCam Viewer 1.0 .0.28
Boa Webserver 0.92 r
+ AstroCorp PowerLinkT WAN Aggregator 1.7.3 .1
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus