Test Kennung:	1.3.6.1.4.1.25623.1.0.100440
Kategorie:	Web Servers
Titel:	Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
Zusammenfassung:	Cherokee is prone to a command-injection vulnerability because it; fails to adequately sanitize user-supplied input in logfiles.
Beschreibung:	Summary: Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Vulnerability Impact: Attackers can exploit this issue to execute arbitrary commands in a terminal. Affected Software/OS: Cherokee 0.99.30 and prior are vulnerable. Solution: Updates are available. Please see the references for details. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4489 BugTraq ID: 37715 http://www.securityfocus.com/bid/37715 Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search) http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.ush.it/team/ush/hack_httpd_escape/adv.txt http://secunia.com/advisories/37933 http://www.vupen.com/english/advisories/2010/0090
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.