Skip to main content

Yaws

4 CVEs product

Monthly

CVE-2020-24916 CRITICAL POC PATCH THREAT Act Now

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
17.4%
CVE-2020-24379 CRITICAL POC PATCH Act Now

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-12872 MEDIUM POC This Month

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yaws
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2017-10974 HIGH POC THREAT Act Now

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.5%.

Path Traversal Yaws
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
89.5%
Threat
5.7
EPSS 17% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Yaws Ubuntu Linux +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Yaws Ubuntu Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yaws
NVD GitHub
EPSS 90% 5.7 CVSS 7.5
HIGH POC THREAT Act Now

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.5%.

Path Traversal Yaws
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy