Summary
Acme 'thttpd' and 'mini_httpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
This issue affects thttpd 2.25b and mini_httpd 1.19 other versions
may also be affected.
References
Severity
Classification
-
CVE CVE-2009-4490, CVE-2009-4491 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
- bozotic HTTP server Information Disclosure Vulnerability
- Ecava IntegraXor Directory Traversal Vulnerability
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability