Log Injection Vulnerability in Boa Web Server by Acme Corp
CVE-2009-4496

Currently unrated

Key Information:

Vendor: Boa
Status: Boa
Vendor: CVE Published:; 13 January 2010

What is CVE-2009-4496?

The Boa Web Server version 0.94.14rc21 is susceptible to a log injection vulnerability, where it fails to sanitize non-printable characters in log file outputs. This lack of proper input validation allows remote attackers to craft HTTP requests that could modify the window's title or potentially execute arbitrary commands. Such exploitation could lead to file overwriting, representing a significant security risk for affected systems.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/39775

third-party-advisoryx_refsource_SECUNIA

EPSS Score

11% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2010
Vulnerability Reserved
Dec 30, 2009