CVE-2009-4487
Last modified
CVE-2009-4487 is a vulnerability of currently unknown severity. nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.. EPSS estimates a 27.01% chance of exploitation in the next 30 days.
Description
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx | 0.7.64 |
References
- http://www.securityfocus.com/archive/1/508830/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/37711Broken Link, Third Party Advisory, VDB Entry
- http://www.ush.it/team/ush/hack_httpd_escape/adv.txtExploit, Patch, Third Party Advisory
- http://www.securityfocus.com/archive/1/508830/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/37711Broken Link, Third Party Advisory, VDB Entry
- http://www.ush.it/team/ush/hack_httpd_escape/adv.txtExploit, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-4487?
How severe is CVE-2009-4487?
How do I fix CVE-2009-4487?
Are you affected by CVE-2009-4487?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST