Description
header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
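The missing step is neutralising control bytes before a request-derived value reaches the log. The C sketch below is an added example, not Cherokee's code or its actual fix; the helper name `log_escape` and the sample header value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Cherokee's code): copy src into dst for logging,
 * rewriting every byte outside printable ASCII, and the backslash itself,
 * as \xNN so a terminal viewing the log never receives raw control bytes
 * and the escaped form stays unambiguous.
 * Returns the escaped length, or (size_t)-1 if dst is too small
 * (dst contents are unspecified in that case). */
size_t log_escape(const unsigned char *src, size_t len, char *dst, size_t dst_size)
{
    static const char hex[] = "0123456789abcdef";
    size_t out = 0;

    if (dst_size == 0)
        return (size_t)-1;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = src[i];
        int printable = (c >= 0x20 && c <= 0x7e && c != '\\');
        size_t need = printable ? 1 : 4;

        if (out + need + 1 > dst_size)   /* +1 keeps room for the NUL */
            return (size_t)-1;
        if (printable) {
            dst[out++] = (char)c;
        } else {
            dst[out++] = '\\';
            dst[out++] = 'x';
            dst[out++] = hex[c >> 4];
            dst[out++] = hex[c & 0x0f];
        }
    }
    dst[out] = '\0';
    return out;
}

int main(void)
{
    /* Constructed header value: ordinary text with ESC and BEL bytes in it. */
    const unsigned char ua[] = "curl/8" "\x1b" "]0;t" "\x07";
    char line[64];

    if (log_escape(ua, sizeof ua - 1, line, sizeof line) != (size_t)-1)
        printf("User-Agent: %s\n", line);
    return 0;
}
```

Escaping at write time keeps the original bytes recoverable for forensics while ensuring that viewing the log in a terminal shows only printable text.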
Remediation
References