Acme Thttpd And Mini_httpd Terminal Escape Sequence In Logs Command Injection Vulnerability Network Vulnerability

Summary

Acme 'thttpd' and 'mini_httpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects thttpd 2.25b and mini_httpd 1.19 other versions may also be affected.

References

http://www.acme.com/software/mini_httpd/
http://www.acme.com/software/thttpd/
http://www.securityfocus.com/archive/1/508830
http://www.securityfocus.com/bid/37714

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4490, CVE-2009-4491

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
Lil' HTTP Server Cross Site Scripting Vulnerability
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities
Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities