Description

header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Remediation

References

CVE-2009-4489

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33339)

WordPress Plugin No Follow All External Links Spam Injection (2.3.0)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1761)

WordPress Plugin Crayon Syntax Highlighter Security Bypass (2.6.10)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Information Disclosure (3.9.0)

Severity

Medium

Classification

CVE-2009-4489 CWE-20

Tags

Missing Update Known Vulnerabilities