Description

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Remediation

References

CVE-2009-4487

Related Vulnerabilities

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28378)

WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)

Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398)

WordPress Plugin Advanced AJAX Page Loader Cross-Site Request Forgery (2.7.7)

FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)

Severity

Medium

Classification

CVE-2009-4487

Tags

Missing Update Known Vulnerabilities