CVE-2020-24379

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Yaws web server versions 1.81 through 2.0.7

Description: The issue is related to the implementation of WebDAV in the Yaws web server, which is vulnerable to XXE injection. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations: For Yaws web server versions 1.81 through 2.0.7, update to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

BDU:2021-01757

CVE-2020-24379

DLA-2384-1

DSA-4773-1

USN-4569-1

Affected Products

Ubuntu

Yaws Webserver

CVE-2020-24379

Weakness Enumeration

Related Identifiers

Affected Products

References · 22