CVE-2009-4487

medium F5
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
2.2%
Exploitation probability in 30 days
Top 15% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: January 13, 2010 (5964 days ago)
Last Modified: April 23, 2026
Vendor: F5
Source: NVD

Description

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

CWE

NVD-CWE-noinfo

Affected Products

f5 nginx

References

🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 www.ush.it 🔗 www.securityfocus.com 🔗 www.securityfocus.com