PT-2010-1348 · Acme.Com+2 · Mini Httpd+2

Alessandro Tanasi

Publicado

2010-01-13

Atualizado

2024-10-17

CVE-2009-4490

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions mini httpd version 1.19

Description The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as mini httpd writes data to a log file without sanitizing non-printable characters.

Recommendations For mini httpd version 1.19, consider sanitizing non-printable characters in log data to prevent potential exploitation. As a temporary workaround, restrict access to the log file to minimize the risk of arbitrary command execution.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2020-2953

ALT-PU-2021-3120

ALT-PU-2024-14062

CVE-2009-4490

Produtos afetados

Alt Linux

Debian

Mini Httpd

PT-2010-1348 · Acme.Com+2 · Mini Httpd+2

CVE-2009-4490

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21