CVE-2009-4493

Name of the Vulnerable Software and Affected Versions Orion Application Server version 2.0.7

Description The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters.

Recommendations For Orion Application Server version 2.0.7, consider disabling the logging feature to the terminal emulator until a patch is available, and restrict access to the log files to minimize the risk of exploitation.