CVE-2009-4492

Name of the Vulnerable Software and Affected Versions Ruby versions 1.8.6 through patchlevel 383 Ruby versions 1.8.7 through patchlevel 248 Ruby version 1.8.8dev Ruby versions 1.9.1 through patchlevel 376 Ruby version 1.9.2dev

Description The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as WEBrick writes data to a log file without sanitizing non-printable characters.

Recommendations For Ruby versions 1.8.6 through patchlevel 383, update to a version with the necessary security patches. For Ruby versions 1.8.7 through patchlevel 248, update to a version with the necessary security patches. For Ruby version 1.8.8dev, apply the available security fix. For Ruby versions 1.9.1 through patchlevel 376, update to a version with the necessary security patches. For Ruby version 1.9.2dev, apply the available security fix.