Nginx Terminal Escape Sequence In Logs Command Injection Vulnerability Network Vulnerability

Summary

The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx 0.7.64 other versions may also be affected.

References

http://nginx.net/
http://www.securityfocus.com/archive/1/508830
http://www.securityfocus.com/bid/37711

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4487

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IIS 5.0 Sample App reveals physical path of web root
IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities

nginx Terminal Escape Sequence in Logs Command Injection Vulnerability

Take action and discover your vulnerabilities