CVE-2009-4491

Name of the Vulnerable Software and Affected Versions thttpd version 2.25b0

Description The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This is due to thttpd writing data to a log file without sanitizing non-printable characters.

Recommendations For thttpd version 2.25b0, consider disabling the logging feature to the terminal emulator until a patch is available, and restrict access to the log files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.