Log Injection Vulnerability in Boa Web Server by Acme Corp
CVE-2009-4496

Currently unrated

Key Information:

Vendor

Boa

Status
Boa
Vendor
CVE Published:
13 January 2010

What is CVE-2009-4496?

The Boa Web Server version 0.94.14rc21 is susceptible to a log injection vulnerability, where it fails to sanitize non-printable characters in log file outputs. This lack of proper input validation allows remote attackers to craft HTTP requests that could modify the window's title or potentially execute arbitrary commands. Such exploitation could lead to file overwriting, representing a significant security risk for affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/39775
third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.