CVE-2009-4494

Name of the Vulnerable Software and Affected Versions AOLserver version 4.5.1

Description The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters.

Recommendations For AOLserver version 4.5.1, consider sanitizing non-printable characters in log files to prevent potential exploitation. As a temporary workaround, restrict access to the log files to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.