Description

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Remediation

References

CVE-2009-4487

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-46606)

Apache HTTP Server Observable Timing Discrepancy Vulnerability (CVE-2026-33006)

WebLogic CVE-2019-2568 Vulnerability (CVE-2019-2568)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35614)

WordPress Plugin Add Product Tabs for WooCommerce Security Bypass (1.4.2)

Severity

Medium

Classification

CVE-2009-4487

Tags

Missing Update Known Vulnerabilities