CVE-2009-4487

MEDIUM

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

CVSS v2.0 Score

6.8

/ 10.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Information

Published: 13 janv. 2010
Updated: 23 avr. 2026
Status: Modified
Source: cve@mitre.org

Affected products

f5 nginxAll nginx CVEs →

Versions : 0.7.64

Weaknesses (CWE)

NVD-CWE-noinfo

References (6)

http://www.securityfocus.com/archive/1/508830/100/0/threaded
Broken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/37711
Broken LinkThird Party AdvisoryVDB Entry
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
ExploitPatchThird Party Advisory
http://www.securityfocus.com/archive/1/508830/100/0/threaded
Broken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/37711
Broken LinkThird Party AdvisoryVDB Entry
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
ExploitPatchThird Party Advisory

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring