CVE-2009-4496

Name of the Vulnerable Software and Affected Versions Boa versions 0.94.14rc21

Description The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This occurs because the software writes data to a log file without sanitizing non-printable characters.

Recommendations For Boa version 0.94.14rc21, as a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.