CVE-2017-10974 – Yaws 1.91 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2017-10974
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
• https://www.exploit-db.com/exploits/42303 http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt http://www.securityfocus.com/bid/99515
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-5025 – Yaws-Wiki 1.88-1 (Erlang) - Persistent / Reflective Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5025
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
• https://www.exploit-db.com/exploits/17111 https://www.exploit-db.com/exploits/36498 http://www.securityfocus.com/bid/51276 https://sitewat.ch/Advisory/View/4
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4181 – Yaws 1.89 - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-4181
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
• https://www.exploit-db.com/exploits/15371 http://osvdb.org/68962 http://secunia.com/advisories/42066 http://www.exploit-db.com/exploits/15371 http://www.securityfocus.com/bid/44564 http://www.vupen.com/english/advisories/2010/2858 https://exchange.xforce.ibmcloud.com/vulnerabilities/62917
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-4495 – Yaws 1.55 - 'Logs' Terminal Escape Sequence Command Injection
https://notcve.org/view.php?id=CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.
• https://www.exploit-db.com/exploits/33502 http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.securityfocus.com/bid/37716 http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
• CWE-20: Improper Input Validation