Jekil

**Name of the Vulnerable Software and Affected Versions** vtiger CRM versions prior to 5.2.1 **Description** The issue concerns multiple directory traversal vulnerabilities in the return application language function. These vulnerabilities allow remote attackers to include and execute arbitrary local files. This can be achieved by providing a .. (dot dot) in specific parameters, such as the `lang crm` parameter to "phprint.php" or the `current language` parameter in an Accounts Import action to "graph.php". **Recommendations** For versions prior to 5.2.1, update to version 5.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "phprint.php" and "graph.php" scripts to minimize the risk of exploitation. Additionally, avoid using the `lang crm` and `current language` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Varnish version 2.0.6 **Description** The issue arises from Varnish writing data to a log file without sanitizing non-printable characters. This could potentially allow remote attackers to modify a window's title or possibly execute arbitrary commands or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. The vendor disputes the significance of this report, stating that the real problem lies in the mistaken belief that one can safely use the `cat(1)` command on a random log file to their terminal. **Recommendations** For Varnish version 2.0.6, consider avoiding the use of `cat(1)` on log files to prevent potential exploitation, as the vendor suggests the issue lies in this practice rather than the software itself. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions prior to 0.99.32 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For versions prior to 0.99.32, update to version 0.99.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mini httpd version 1.19 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as mini httpd writes data to a log file without sanitizing non-printable characters. **Recommendations** For mini httpd version 1.19, consider sanitizing non-printable characters in log data to prevent potential exploitation. As a temporary workaround, restrict access to the log file to minimize the risk of arbitrary command execution.

**Name of the Vulnerable Software and Affected Versions** thttpd version 2.25b0 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This is due to thttpd writing data to a log file without sanitizing non-printable characters. **Recommendations** For thttpd version 2.25b0, consider disabling the logging feature to the terminal emulator until a patch is available, and restrict access to the log files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruby versions 1.8.6 through patchlevel 383 Ruby versions 1.8.7 through patchlevel 248 Ruby version 1.8.8dev Ruby versions 1.9.1 through patchlevel 376 Ruby version 1.9.2dev **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as WEBrick writes data to a log file without sanitizing non-printable characters. **Recommendations** For Ruby versions 1.8.6 through patchlevel 383, update to a version with the necessary security patches. For Ruby versions 1.8.7 through patchlevel 248, update to a version with the necessary security patches. For Ruby version 1.8.8dev, apply the available security fix. For Ruby versions 1.9.1 through patchlevel 376, update to a version with the necessary security patches. For Ruby version 1.9.2dev, apply the available security fix.

**Name of the Vulnerable Software and Affected Versions** nginx version 0.7.64 **Description** The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is because nginx writes data to a log file without sanitizing non-printable characters. **Recommendations** For nginx version 0.7.64, update to a version that sanitizes non-printable characters in log files to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** AOLserver version 4.5.1 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For AOLserver version 4.5.1, consider sanitizing non-printable characters in log files to prevent potential exploitation. As a temporary workaround, restrict access to the log files to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yaws version 1.85 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as Yaws writes data to a log file without sanitizing non-printable characters. **Recommendations** For Yaws version 1.85, consider sanitizing non-printable characters in log files to prevent potential exploitation. As a temporary workaround, restrict access to the log files and terminal emulators to minimize the risk of arbitrary command execution.

**Name of the Vulnerable Software and Affected Versions** Boa versions 0.94.14rc21 **Description** The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This occurs because the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For Boa version 0.94.14rc21, as a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mort Bay Jetty versions 6.x through 6.1.22 Mort Bay Jetty versions 7.0.0 **Description** The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is related to the handling of specific parameters and headers, including the `Age` parameter in the Cookie Dump Servlet, the `A` parameter in jsp/expr.jsp, and the `Content-Length` HTTP header. **Recommendations** For Mort Bay Jetty versions 6.x through 6.1.22, update to a version later than 6.1.22 to resolve the issue. For Mort Bay Jetty version 7.0.0, update to a version later than 7.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the Cookie Dump Servlet and jsp/expr.jsp to minimize the risk of exploitation. Avoid using the `Age` parameter in the Cookie Dump Servlet and the `A` parameter in jsp/expr.jsp until the issue is resolved. Restrict the handling of the `Content-Length` HTTP header in arbitrary applications to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Orion Application Server version 2.0.7 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For Orion Application Server version 2.0.7, consider disabling the logging feature to the terminal emulator until a patch is available, and restrict access to the log files to minimize the risk of exploitation.