CVE-2009-4489

Name of the Vulnerable Software and Affected Versions Cherokee versions prior to 0.99.32

Description The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters.

Recommendations For versions prior to 0.99.32, update to version 0.99.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation.