CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 2CVE-2020-24379 – Yaws 2.0.7 XML Injection / Command Injection
https://notcve.org/view.php?id=CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Una implementación de WebDAV en el servidor web Yaws versiones 1.81 hasta 2.0.7, es vulnerable a una inyección de tipo XXE. Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities. • https://github.com/erlyaws/yaws/commits/master https://github.com/vulnbe/poc-yaws-dav-xxe https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html https://usn.ubuntu.com/4569-1 https://vuln.be/post/yaws-xxe-and-shell-injections https://www.debian.org/security/2020/dsa-4773 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 57%CPEs: 4EXPL: 3CVE-2020-24916 – Yaws 2.0.7 XML Injection / Command Injection
https://notcve.org/view.php?id=CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. la implementación de CGI en el servidor web Yaws. (CVE-2020-24916) Una implementación de CGI en el servidor web Yaws versiones 1.81 hasta 2.0.7, es vulnerable a una inyección de comandos del Sistema Operativo. Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities. • https://github.com/erlyaws/yaws/commits/master https://github.com/vulnbe/poc-yaws-cgi-shell-injection https://lists.debian.org/debian-lts-announce/2020/09/msg00022.html https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html https://usn.ubuntu.com/4569-1 https://vuln.be/post/yaws-xxe-and-shell-injections https://www.debian.org/security/2020/dsa-4773 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1000108
https://notcve.org/view.php?id=CVE-2016-1000108
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. yaws versiones anteriores a la versión 2.0.4, no intenta abordar los conflictos de espacio de nombres de RFC sección 3875 versión 4.1.18 y, por lo tanto, no protege las aplicaciones CGI de la presencia de datos de clientes no seguros en la variable de entorno HTTP_PROXY, lo que podría permitir a atacantes remotos redireccionar el tráfico HTTP saliente de la aplicación CGI hacia un servidor proxy arbitrario por medio de un encabezado Proxy especialmente diseñado en una petición HTTP, también se conoce como un problema "httpoxy". • http://www.openwall.com/lists/oss-security/2016/07/18/6 https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1 https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000108.json https://security-tracker.debian.org/tracker/CVE-2016-1000108 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 3CVE-2009-4495 – Yaws 1.55 - 'Logs' Terminal Escape Sequence Command Injection
https://notcve.org/view.php?id=CVE-2009-4495
Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Yaws v1.85, escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podría permitir a atacantes remotos modificar la ventana de título, o posiblemente ejecutar comandos de su elección o sobrescribir archivos, a través de una petición HTTP que contiene una secuencia de escape para el emulador de terminal. Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities. • https://www.exploit-db.com/exploits/33502 http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.securityfocus.com/bid/37716 http://www.ush.it/team/ush/hack_httpd_escape/adv.txt • CWE-20: Improper Input Validation •