CVE-2009-4487

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
References
Link Resource
http://www.securityfocus.com/archive/1/508830/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/37711 Broken Link Third Party Advisory VDB Entry
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt Exploit Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*

History

10 Nov 2021, 15:51

Type Values Removed Values Added
CPE cpe:2.3:a:nginx:nginx:0.7.64:*:*:*:*:*:*:* cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*

21 Apr 2021, 15:02

Type Values Removed Values Added
References (MISC) http://www.ush.it/team/ush/hack_httpd_escape/adv.txt - Exploit (MISC) http://www.ush.it/team/ush/hack_httpd_escape/adv.txt - Exploit, Patch, Third Party Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/508830/100/0/threaded - Third Party Advisory, VDB Entry (BUGTRAQ) http://www.securityfocus.com/archive/1/508830/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/37711 - Exploit, Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/37711 - Broken Link, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:nginx:nginx:*:*:*:*:*:*:*:* cpe:2.3:a:nginx:nginx:0.7.64:*:*:*:*:*:*:*

Information

Published : 2010-01-13 20:30

Updated : 2023-12-10 11:03


NVD link : CVE-2009-4487

Mitre link : CVE-2009-4487

CVE.ORG link : CVE-2009-4487


JSON object : View

Products Affected

f5

  • nginx