Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection @ Ush.it

Posted on January 10, 2010 in Research • Tagged with injection, log escape, log escape sequence injection • 9 min read

With the Ush.it team we published an advisory about “Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection”. The original post is here and can be downloaded from here.

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver,
Yaws and Boa log escape sequence injection

 Name              Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick,
                   Orion, AOLserver, Yaws and Boa log escape sequence
                   injection
 Systems Affected  nginx 0.7.64
                   Varnish 2.0.6
                   Cherokee 0.99.30
                   mini_httpd 1.19
                   thttpd 2.25b0
                   WEBrick 1.3.1
                   Orion 2.0.7
                   AOLserver 4.5.1
                   Yaws ...

Continue reading