CVE Vulnerabilities

CVE-2009-4487

Published: Jan 13, 2010 | Modified: Nov 10, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
2.6 LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
RedHat/V3
Ubuntu

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window’s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Affected Software

Name Vendor Start Version End Version
Nginx F5 0.7.64 0.7.64
Nginx Ubuntu devel *
Nginx Ubuntu hardy *
Nginx Ubuntu intrepid *
Nginx Ubuntu jaunty *
Nginx Ubuntu karmic *
Nginx Ubuntu lucid *
Nginx Ubuntu maverick *
Nginx Ubuntu natty *
Nginx Ubuntu oneiric *
Nginx Ubuntu precise *

References