CVE-2009-4489
published 2010-01-13CVE-2009-4489: header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a…
PriorityP432medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
9.62%
94.9th percentile
header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cherokee-project | cherokee | <= 0.99.31 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Greynoiseio
Malicious Tag Roundup (October 2021)
blogs_greynoiseio·CVSS 10.0
[CRITICAL] Malicious Tag Roundup (October 2021)
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Bugzilla
CVE-2009-4487 nginx: Absent sanitation of escape sequences in web server log
bugzilla·2010-02-08·CVSS 5.0
CVE-2009-4487 [MEDIUM] CVE-2009-4487 nginx: Absent sanitation of escape sequences in web server log
CVE-2009-4487 nginx: Absent sanitation of escape sequences in web server log
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4487 to
the following vulnerability:
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4487
[2] http://www.securityfocus.com/archive/1/archive/1/508830/100/0/threaded
[3] http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
[4] http://www.securityfocus.com/bid/37711
Upstream status:
[5] http://nginx.org/en/security_advisories.html contains record
http://secunia.com/advisories/37933http://svn.cherokee-project.com/changeset/3944http://svn.cherokee-project.com/changeset/3977http://www.securityfocus.com/archive/1/508830/100/0/threadedhttp://www.securityfocus.com/bid/37715http://www.ush.it/team/ush/hack_httpd_escape/adv.txthttp://www.vupen.com/english/advisories/2010/0090http://secunia.com/advisories/37933http://svn.cherokee-project.com/changeset/3944http://svn.cherokee-project.com/changeset/3977http://www.securityfocus.com/archive/1/508830/100/0/threadedhttp://www.securityfocus.com/bid/37715http://www.ush.it/team/ush/hack_httpd_escape/adv.txthttp://www.vupen.com/english/advisories/2010/0090
2010-01-13
Published