Vulnerability Name:

CVE-2009-4488 (CCN-55533)

Assigned: 2009-12-30
Published: 2010-01-11
Updated: 2018-10-10
Summary: ** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Note: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely."
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2009-4487

Source: MITRE
Type: CNA
CVE-2009-4488

Source: MITRE
Type: CNA
CVE-2009-4489

Source: MITRE
Type: CNA
CVE-2009-4490

Source: MITRE
Type: CNA
CVE-2009-4491

Source: MITRE
Type: CNA
CVE-2009-4492

Source: MITRE
Type: CNA
CVE-2009-4493

Source: MITRE
Type: CNA
CVE-2009-4494

Source: MITRE
Type: CNA
CVE-2009-4495

Source: MITRE
Type: CNA
CVE-2009-4496

Source: MITRE
Type: CNA
CVE-2009-4611

Source: CCN
Type: RHSA-2011-0908
Moderate: ruby security update

Source: CCN
Type: RHSA-2011-0909
Moderate: ruby security update

Source: CCN
Type: SA37933
Cherokee Terminal Escape Sequence Weakness

Source: CCN
Type: SA37949
Ruby WEBrick Terminal Escape Sequences Weakness

Source: CCN
Type: SECTRACK ID: 1023429
Ruby WEBrick Input Validation Flaw Lets Remote Users Inject Terminal Commands

Source: CCN
Type: Varnish Web site
Varnish

Source: CCN
Type: ACME Web site
thttpd

Source: CCN
Type: AOLserver Web site
AOLserver

Source: CCN
Type: Boa Web site
Boa

Source: CCN
Type: Cherokee Web site
Cherokee Web Server

Source: CCN
Type: GLSA-201001-09
Ruby: Terminal Control Character Injection

Source: CCN
Type: IBM Security Bulletin 1666525
Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2011-4461, CVS-2009-4612, CVE-2009-4611, CVE-2009-4610, CVS-2009-4609, CVE-2009-1524, CVE-2009-1523)

Source: CCN
Type: nginx Web site
nginx

Source: CCN
Type: Orion Web site
Orion Application Server

Source: CCN
Type: OSVDB ID: 61770
Boa HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61771
Yaws HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61772
AOLserver HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61773
Orion Application Server HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61774
WEBrick HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61775
thttpd HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61776
mini_httpd HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61777
Cherokee Web Server header.c HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61778
Varnish HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 61779
nginx HTTP Request Escape Sequence Terminal Command Injection

Source: CCN
Type: OSVDB ID: 75808
Jetty Backtrace Data Manipulation Remote Code Execution

Source: CCN
Type: Ruby Web Site
WEBrick has an Escape Sequence Injection vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Source: CCN
Type: BID-37710
Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37711
nginx Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37712
AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: BID
Type: Exploit
37713

Source: CCN
Type: BID-37713
Varnish Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37714
Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37715
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37716
Yaws Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37717
Orion Application Server Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37718
Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: BID-37929
Jetty Terminal Escape Sequence in Logs Command Injection Vulnerability

Source: CCN
Type: USN-900-1
Ruby vulnerabilities

Source: CCN
Type: ush.it Web Site
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

Source: MISC
Type: Exploit
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt

Source: CCN
Type: Yaws Web site
Yaws

Source: XF
Type: UNKNOWN
ruby-webrick-command-execution(55533)

Source: CCN
Type: IBM Security Bulletin 6621343 (Control Desk)
Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:varnish.projects.linpro:varnish:2.0.6:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*
  • OR cpe:/a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*
  • OR cpe:/a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6:*:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:rc0:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta17:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta16:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta15:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta14:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta12:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta11:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta10:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta9:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta8:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta7:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta6:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:beta0:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:mortbay:jetty:6.0.0:betax:*:*:*:*:*:*
  • OR cpe:/a:varnish-cache:varnish:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:cherokee-project:cherokee:0.99.30:*:*:*:*:*:*:*
  • OR cpe:/a:acme:thttpd:2.25:b0:*:*:*:*:*:*
  • OR cpe:/a:acme:mini_httpd:1.19:*:*:*:*:*:*:*
  • OR cpe:/a:orionserver:orion_application_server:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:aol:aolserver:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:yaws:yaws:1.85:*:*:*:*:*:*:*
  • OR cpe:/a:boa:boa:0.94.14:rc21:*:*:*:*:*:*
  • OR cpe:/a:igor_sysoev:nginx:0.7.64:*:*:*:*:*:*:*
  • OR cpe:/a:ruby-lang:ruby:1.8.6:p383:*:*:*:*:*:*
  • OR cpe:/a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:*
  • OR cpe:/a:ruby-lang:ruby:1.9.1:p376:*:*:*:*:*:*
  • OR cpe:/a:webrick:webrick:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ruby-lang:ruby:1.8.8:dev:*:*:*:*:*:*
  • OR cpe:/a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:x86_64:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.8.z:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.8.z:*:as:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_long_life:5.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:com.ubuntu.precise:def:20094488000 | V | CVE-2009-4488 on Ubuntu 12.04 LTS (precise) - negligible. | 2010-01-13 |
| oval:com.ubuntu.trusty:def:20094488000 | V | CVE-2009-4488 on Ubuntu 14.04 LTS (trusty) - negligible. | 2010-01-13 |
| oval:com.ubuntu.xenial:def:20094488000 | V | CVE-2009-4488 on Ubuntu 16.04 LTS (xenial) - negligible. | 2010-01-13 |
| oval:com.ubuntu.xenial:def:200944880000000 | V | CVE-2009-4488 on Ubuntu 16.04 LTS (xenial) - negligible. | 2010-01-13 |