CVE-2009-4490

EUVD-2009-4457
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
acmemini_httpd
1.19
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mini-httpd
bookworm
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mini-httpd
artful
ignored
bionic
needed
cosmic
ignored
dapper
dne
disco
ignored
eoan
ignored
focal
needed
groovy
ignored
hardy
ignored
hirsute
ignored
impish
ignored
intrepid
ignored
jammy
needed
jaunty
ignored
karmic
ignored
kinetic
ignored
lucid
ignored
lunar
ignored
mantic
ignored
maverick
ignored
natty
ignored
noble
needed
oneiric
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
needed
utopic
ignored
vivid
ignored
wily
ignored
xenial
needed
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/508830/100/0/threaded
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
http://www.securityfocus.com/archive/1/508830/100/0/threaded
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt