Summary
The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files.
Attackers can exploit this issue to execute arbitrary commands in a terminal.
This issue affects nginx 0.7.64
other versions may also be affected.
References
Severity
Classification
-
CVE CVE-2009-4487 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache mod_include priviledge escalation
- Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
- Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
- IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
- bozohttpd Security Bypass Vulnerability