Description

header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Remediation

References

CVE-2009-4489

Related Vulnerabilities

OpenVPN AS Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2020-11462)

WordPress Plugin Genesis Columns Advanced Cross-Site Scripting (2.0.3)

WordPress Plugin WordPress Comments Import & Export Cross-Site Request Forgery (2.1.10)

WordPress Plugin Ads for WP-Advanced Ads & Adsense Solution for WP & AMP Cross-Site Request Forgery (1.8)

Jboss EAP CVE-2018-1304 Vulnerability (CVE-2018-1304)

Severity

Medium

Classification

CVE-2009-4489 CWE-20

Tags

Missing Update Known Vulnerabilities