Published: 13/01/2010 Updated: 01/08/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ruby-lang webrick 1.3.1

Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations An attacker could exploit this issue and possibly execute arbitrary code with application privileges (CVE-2009-4124) ...

source: wwwsecurityfocuscom/bid/37710/info Ruby WEBrick is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in log files Attackers can exploit this issue to execute arbitrary commands in a terminal Versions *prior to* the following are affected: Ruby 186 patchlevel 388 Ruby 18 ...

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities ...

NVD-CWE-noinfo http://www.ush.it/team/ush/hack_httpd_escape/adv.txt http://www.securityfocus.com/bid/37710 http://securitytracker.com/id?1023429 http://secunia.com/advisories/37949 http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection http://www.vupen.com/english/advisories/2010/0089 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://www.securityfocus.com/archive/1/508830/100/0/threaded https://usn.ubuntu.com/900-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/33489/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4492

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect