Published: 13/01/2010 Updated: 10/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Vulnerable Product	Search on Vulmon	Subscribe to Product
acme mini httpd 1.19

source: wwwsecurityfocuscom/bid/37714/info Acme 'thttpd' and 'mini_httpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles Attackers can exploit this issue to execute arbitrary commands in a terminal This issue affects thttpd 225b and mini_httpd 119; other ver ...

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities ...

CWE-20 http://www.ush.it/team/ush/hack_httpd_escape/adv.txt http://www.securityfocus.com/archive/1/508830/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33500/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4490

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect