CVE-2009-4488
Varnish 2.0.6 - 'Terminal Escape Sequence in Logs' Command Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely.
** CUESTIONADA ** Varnish v2.0.6, escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podría permitir a atacantes remotos modificar la ventana de título, o posiblemente ejecutar comandos de su elección o sobrescribir archivos, a través de una petición HTTP que contiene una secuencia de escape para el emulador de terminal. NOTA: el fabricante cuentiona el significado de este informe, alegando que "esto no es un problema de seguridad en Varnish o cualquier elemento de software que escribe en el archivo de log. El problema real es la falsa creencia de que se puede ejecutar el comando "cat" de manera segura sobre un archivo de logs aleatorio en la consola".
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-12-30 CVE Reserved
- 2010-01-11 CVE Published
- 2010-01-11 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/508830/100/0/threaded | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/33498 | 2010-01-11 | |
http://www.securityfocus.com/bid/37713 | 2024-08-07 | |
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Varnish.projects.linpro Search vendor "Varnish.projects.linpro" | Varnish Search vendor "Varnish.projects.linpro" for product "Varnish" | 2.0.6 Search vendor "Varnish.projects.linpro" for product "Varnish" and version "2.0.6" | - |
Affected
|