Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection @ Ush.it
Posted on January 10, 2010 in Research • Tagged with injection, log escape, log escape sequence injection • 9 min read
With the Ush.it team we published an advisory about “Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection”. The original post is here and can be downloaded from here.
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver,
Yaws and Boa log escape sequence injection
Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick,
Orion, AOLserver, Yaws and Boa log escape sequence
injection
Systems Affected nginx 0.7.64
Varnish 2.0.6
Cherokee 0.99.30
mini_httpd 1.19
thttpd 2.25b0
WEBrick 1.3.1
Orion 2.0.7
AOLserver 4.5.1
Yaws …Continue reading