|Category:||Debian Local Security Checks|
|Title:||Debian: Security Advisory for yaws (DSA-4773-1)|
|Summary:||The remote host is missing an update for the 'yaws' package(s) announced via the DSA-4773-1 advisory.|
Two vulnerabilities were discovered in yaws, a high performance HTTP 1.1
webserver written in Erlang.
The WebDAV implementation is prone to an XML External Entity (XXE)
The CGI implementation does not properly sanitize CGI requests
allowing a remote attacker to execute arbitrary shell commands via
specially crafted CGI executable names.
'yaws' package(s) on Debian Linux.
For the stable distribution (buster), these problems have been fixed in
We recommend that you upgrade your yaws packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-24379
Common Vulnerability Exposure (CVE) ID: CVE-2020-24916
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|