CVE-2009-4487

ADVISORY - nist

Summary

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

EPSS Score⁠: 0.02235 (0.846)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

Impacted images

Advisories

NIST

CREATED

16 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2009-4487⁠

EXPLOITABILITY SCORE

8.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

CVSS SCORE

6.8medium

Debian

CREATED

16 years ago

UPDATED

4 days ago

ADVISORY IDCVE-2009-4487⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

16 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2009-4487⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

16 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2009-4487⁠

EXPLOITABILITY SCORE

4.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

2.6low

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2009-4487⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY