CVE-2009-4487

Published: 13/01/2010 Updated: 10/11/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Vulnerable Product

f5 nginx 0.7.64

Exploits

source: www.securityfocus.com/bid/37711/info

The 'nginx' program is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue affects nginx 0.7.64; other versions may also be affected. The fo ...

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities ...