Vulnerabilities related to varnish.projects.linpro - varnish
CVE-2009-4488 (GCVE-0-2009-4488)
Vulnerability from cvelistv5
Published
2010-01-13 20:00
Modified
2025-01-21 16:48
Severity ?
CWE
  • n/a
Summary
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
          },
          {
            "name": "37713",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37713"
          },
          {
            "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2009-4488",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T16:47:53.383123Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1284",
                "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T16:48:02.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.  NOTE: the vendor disputes the significance of this report, stating that \"This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
        },
        {
          "name": "37713",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37713"
        },
        {
          "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4488",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.  NOTE: the vendor disputes the significance of this report, stating that \"This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
              "refsource": "MISC",
              "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
            },
            {
              "name": "37713",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37713"
            },
            {
              "name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4488",
    "datePublished": "2010-01-13T20:00:00",
    "dateReserved": "2009-12-30T00:00:00",
    "dateUpdated": "2025-01-21T16:48:02.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2936 (GCVE-0-2009-2936)
Vulnerability from cvelistv5
Published
2010-04-05 16:00
Modified
2024-08-07 06:07
Severity ?
CWE
  • n/a
Summary
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:07:37.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100329 Medium security hole in Varnish reverse proxy",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.varnish-cache.org/wiki/CLI"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.varnish-cache.org/changeset/3865"
          },
          {
            "name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
          },
          {
            "name": "FEDORA-2010-6719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim\u0027s location on a trusted network and improper input validation of directives.  NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100329 Medium security hole in Varnish reverse proxy",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.varnish-cache.org/wiki/CLI"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.varnish-cache.org/changeset/3865"
        },
        {
          "name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
        },
        {
          "name": "FEDORA-2010-6719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2936",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim\u0027s location on a trusted network and improper input validation of directives.  NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100329 Medium security hole in Varnish reverse proxy",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
            },
            {
              "name": "http://www.varnish-cache.org/wiki/CLI",
              "refsource": "MISC",
              "url": "http://www.varnish-cache.org/wiki/CLI"
            },
            {
              "name": "http://www.varnish-cache.org/changeset/3865",
              "refsource": "MISC",
              "url": "http://www.varnish-cache.org/changeset/3865"
            },
            {
              "name": "20100329 Re: [Full-disclosure] Medium security hole in Varnish reverse proxy",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
            },
            {
              "name": "FEDORA-2010-6719",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2936",
    "datePublished": "2010-04-05T16:00:00",
    "dateReserved": "2009-08-23T00:00:00",
    "dateUpdated": "2024-08-07T06:07:37.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2010-04-05 16:30
Modified
2025-04-11 00:51
Severity ?
Summary
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D5B200-B3CE-4B3E-A64B-DEC2F1DFBA74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "163F7D79-3CDE-4022-AE54-AF4EB1E2BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33A9C306-D088-477A-B5B1-A840083367C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E59746B-600B-4086-B9DA-CC24C5D5C16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70BA8DB-D016-4970-9026-A86A96CFEBAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A502A298-F6E6-4E37-9CF1-CBD6AC9E36E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BD6EC1-A38B-4761-BFC7-B0393C2FE48B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D073F3A-4EBD-4144-B394-6DC998061CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C33268B6-8F60-4502-9ECC-4F8465FA0AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9BC6E22-867E-4A2F-92EC-177611047245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D1A460C-DBD9-4D08-B835-6897F6DA3611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "8C0DB8AF-F472-41CD-9CCD-A295B5517894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "F92062C5-6288-4244-B786-4621CC16A188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0B559DD9-1FD3-45CB-8070-A899E9FADE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BEBA6C-F548-416F-8507-9578857ED384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7066D53C-8A0E-4875-9931-C593865AF6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CFA79-0172-47FB-9328-0278D1C3CC71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F74286-4A7B-44B9-9AB1-CF39046F9D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FFFD248-824B-47BE-AE16-A433E3C8AD56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7EE367F-581D-41CC-A92C-699B7E6704E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim\u0027s location on a trusted network and improper input validation of directives.  NOTE: the vendor disputes this report, saying that it is \"fundamentally misguided and pointless."
    },
    {
      "lang": "es",
      "value": "** DISPUTADA** La interfase de l\u00ednea de comandos (tambi\u00e9n conocida como Server CLI o interfase de administraci\u00f3n) en el proceso maestro en el \"reverse proxy server\" en Varnish anteriores a v2.1.0 no requiere autenticaci\u00f3n para comandos recibidos a trav\u00e9s del puerto TCP, lo que permite a atacantes remotos (1) ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una directiva vcl.inline que provee un fichero de configuraci\u00f3n c\u00f3digo C; (2) cambiar el propietario del proceso maestro a trav\u00e9s de directivas param.set, stop y start: (3) leer la l\u00ednea iniciar de un fichero de su elecci\u00f3n a trav\u00e9s de la directiva vcl.load; o (4) conducir un ataque de falsificaci\u00f3n de petici\u00f3n en sitios cruzados que muestren la localizaci\u00f3n de la v\u00edctima en una red segura y una validaci\u00f3n de entrada impropia de directivas. NOTA: el desarollador disputa este informe diciendo que es \"equivocada y sin sentido\"."
    }
  ],
  "id": "CVE-2009-2936",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-05T16:30:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.varnish-cache.org/changeset/3865"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.varnish-cache.org/wiki/CLI"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040359.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/510360/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/510368/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.varnish-cache.org/changeset/3865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.varnish-cache.org/wiki/CLI"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-01-13 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
Impacted products
Vendor Product Version
varnish.projects.linpro varnish 2.0.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:varnish.projects.linpro:varnish:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7EE367F-581D-41CC-A92C-699B7E6704E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window\u0027s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.  NOTE: the vendor disputes the significance of this report, stating that \"This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
    },
    {
      "lang": "es",
      "value": "** CUESTIONADA ** Varnish v2.0.6, escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podr\u00eda permitir a atacantes remotos modificar la ventana de t\u00edtulo, o posiblemente ejecutar comandos de su elecci\u00f3n o sobrescribir archivos, a trav\u00e9s de una petici\u00f3n HTTP que contiene una secuencia de escape para el emulador de terminal. NOTA: el fabricante cuentiona el significado de este informe, alegando que \"esto no es un problema de seguridad en Varnish o cualquier elemento de software que escribe en el archivo de log. El problema real es la falsa creencia de que se puede ejecutar el comando \"cat\" de manera segura sobre un archivo de logs aleatorio en la consola\"."
    }
  ],
  "id": "CVE-2009-4488",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2010-01-13T20:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37713"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/37713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}