yaws

Description: Web server for dynamic content
Version: 2.0.9-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1228 | 2.0.7-2 | 2.0.8-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-24916 | AVG-1228 | High | Yes | Arbitrary command execution | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. |
| CVE-2020-24379 | AVG-1228 | High | Yes | Information disclosure | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. |
| CVE-2020-12872 | AVG-1228 | Medium | Yes | Information disclosure | yaws_config.erl in Yaws through 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 26 Sep 2020 | ASA-202009-14 | AVG-1228 | High | multiple issues |