CVE-2009-4489

NONE EPSS 94.9%
Published Jan 13, 201016y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 13, 2010 16y ago
Last Modified Jun 16, 2026 2w ago

Description

header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Threat Intelligence

EPSS Exploit Probability
94.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 1

VendorProductVersionRange
cherokee-projectcherokee* ≤0.99.31

References 7

Remediation