thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
References
Configurations
Information
Published : 2010-01-13 12:30
Updated : 2018-10-10 12:49
NVD link : CVE-2009-4491
Mitre link : CVE-2009-4491
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
acme
- thttpd