Nginx Terminal Escape Sequence In Logs Command Injection Vulnerability Network Vulnerability

Summary

The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx 0.7.64 other versions may also be affected.

References

http://nginx.net/
http://www.securityfocus.com/archive/1/508830
http://www.securityfocus.com/bid/37711

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4487
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
Cherokee Directory Traversal Vulnerability
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
Authentication bypassing in Lotus Domino
Codebrws.asp Source Disclosure Vulnerability

nginx Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities