Test Kennung:	1.3.6.1.4.1.25623.1.0.800447
Kategorie:	Web Servers
Titel:	Varnish Log Escape Sequence Injection Vulnerability
Zusammenfassung:	Varnish is prone to Log Escape Sequence Injection Vulnerability.
Beschreibung:	Summary: Varnish is prone to Log Escape Sequence Injection Vulnerability. Vulnerability Insight: The flaw exists when the Web Server is executed in foreground in a pty or when the logfiles are viewed with tools like 'cat' or 'tail' injected control characters reach the terminal and are executed. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary commands in a terminal. Affected Software/OS: Varnish version 2.0.6 and prior. Solution: Upgrade to Varnish version 2.1.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4488 BugTraq ID: 37713 http://www.securityfocus.com/bid/37713 Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search) http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
Copyright	Copyright (C) 2010 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.