CVE-2009-4495

Name of the Vulnerable Software and Affected Versions Yaws version 1.85

Description The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as Yaws writes data to a log file without sanitizing non-printable characters.

Recommendations For Yaws version 1.85, consider sanitizing non-printable characters in log files to prevent potential exploitation. As a temporary workaround, restrict access to the log files and terminal emulators to minimize the risk of arbitrary command execution.