Retour à la recherche

CVE-2009-4487

MEDIUM

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Score CVSS v2.0

6.8

/ 10.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Informations

Publié: 13 janv. 2010
Mis à jour: 23 avr. 2026
Statut: Modified
Source: cve@mitre.org

Produits affectés

f5 nginxToutes les CVE nginx →

Versions : 0.7.64

Faiblesses (CWE)

NVD-CWE-noinfo

Références (6)

http://www.securityfocus.com/archive/1/508830/100/0/threaded
Broken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/37711
Broken LinkThird Party AdvisoryVDB Entry
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
ExploitPatchThird Party Advisory
http://www.securityfocus.com/archive/1/508830/100/0/threaded
Broken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/37711
Broken LinkThird Party AdvisoryVDB Entry
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
ExploitPatchThird Party Advisory

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance