Launchpad.net

CVE 2009-4487

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Related bugs and status

CVE-2009-4487 (Candidate) is related to these bugs:

Bug #511681: Latest Nginx package appears to need Security Updates

Summary				In	Importance	Status
	511681	Latest Nginx package appears to need Security Updates		nginx (Ubuntu)	Medium	Fix Released

Bug #956150: March 15th 2012 Security Advisory

		In	Importance	Status
956150	March 15th 2012 Security Advisory	nginx (Ubuntu)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Lucid)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Maverick)	Medium	Won't Fix
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Natty)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Oneiric)	Medium	Fix Released
956150	March 15th 2012 Security Advisory	nginx (Ubuntu Precise)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-4487

Related bugs and status

Related bugs

References