Vulnerability Description
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx | 0.7.64 |
References
- http://www.securityfocus.com/archive/1/508830/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/37711Broken LinkThird Party AdvisoryVDB Entry
- http://www.ush.it/team/ush/hack_httpd_escape/adv.txtExploitPatchThird Party Advisory
- http://www.securityfocus.com/archive/1/508830/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/37711Broken LinkThird Party AdvisoryVDB Entry
- http://www.ush.it/team/ush/hack_httpd_escape/adv.txtExploitPatchThird Party Advisory
FAQ
What is CVE-2009-4487?
CVE-2009-4487 is a vulnerability with a CVSS score of 6.8 (MEDIUM). nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite f...
How severe is CVE-2009-4487?
CVE-2009-4487 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4487?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx.