Vulnerability Name: CVE-2009-4491 (CCN-55533) Assigned: 2009-12-30 Published: 2010-01-11 Updated: 2018-10-10 Summary: thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N 3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P 4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2009-4487 CVE-2009-4488 CVE-2009-4489 CVE-2009-4490 CVE-2009-4491 CVE-2009-4492 CVE-2009-4493 CVE-2009-4494 CVE-2009-4495 CVE-2009-4496 CVE-2009-4611 Moderate: ruby security update Moderate: ruby security update Cherokee Terminal Escape Sequence Weakness Ruby WEBrick Terminal Escape Sequences Weakness Ruby WEBrick Input Validation Flaw Lets Remote Users Inject Terminal Commands Varnish thttpd AOLserver Boa Cherokee Web Server Ruby: Terminal Control Character Injection Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2011-4461, CVS-2009-4612, CVE-2009-4611, CVE-2009-4610, CVS-2009-4609, CVE-2009-1524, CVE-2009-1523) nginx Orion Application Server Boa HTTP Request Escape Sequence Terminal Command Injection Yaws HTTP Request Escape Sequence Terminal Command Injection AOLserver HTTP Request Escape Sequence Terminal Command Injection Orion Application Server HTTP Request Escape Sequence Terminal Command Injection WEBrick HTTP Request Escape Sequence Terminal Command Injection thttpd HTTP Request Escape Sequence Terminal Command Injection mini_httpd HTTP Request Escape Sequence Terminal Command Injection Cherokee Web Server header.c HTTP Request Escape Sequence Terminal Command Injection Varnish HTTP Request Escape Sequence Terminal Command Injection nginx HTTP Request Escape Sequence Terminal Command Injection Jetty Backtrace Data Manipulation Remote Code Execution WEBrick has an Escape Sequence Injection vulnerability 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability nginx Terminal Escape Sequence in Logs Command Injection Vulnerability AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability Varnish Terminal Escape Sequence in Logs Command Injection Vulnerability Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability Yaws Terminal Escape Sequence in Logs Command Injection Vulnerability Orion Application Server Terminal Escape Sequence in Logs Command Injection Vulnerability Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability Jetty Terminal Escape Sequence in Logs Command Injection Vulnerability Ruby vulnerabilities Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection http://www.ush.it/team/ush/hack_httpd_escape/adv.txt Yaws ruby-webrick-command-execution(55533) Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk. Vulnerable Configuration: Configuration 1 :cpe:/a:acme:thttpd:2.25:b:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:* OR cpe:/a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:* OR cpe:/a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.2:*:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.1:*:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6:*:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:rc4:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:rc3:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:rc2:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:rc1:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:rc0:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta17:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta16:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta15:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta14:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta12:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta11:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta10:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta9:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta8:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta7:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta6:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta5:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta4:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta3:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta2:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta1:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:beta0:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:alpha3:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:alpha2:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:alpha1:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:alpha0:*:*:*:*:*:* OR cpe:/a:mortbay:jetty:6.0.0:betax:*:*:*:*:*:* OR cpe:/a:varnish-cache:varnish:2.0.6:*:*:*:*:*:*:* OR cpe:/a:cherokee-project:cherokee:0.99.30:*:*:*:*:*:*:* OR cpe:/a:acme:thttpd:2.25:b0:*:*:*:*:*:* OR cpe:/a:acme:mini_httpd:1.19:*:*:*:*:*:*:* OR cpe:/a:orionserver:orion_application_server:2.0.7:*:*:*:*:*:*:* OR cpe:/a:aol:aolserver:4.5.1:*:*:*:*:*:*:* OR cpe:/a:yaws:yaws:1.85:*:*:*:*:*:*:* OR cpe:/a:boa:boa:0.94.14:rc21:*:*:*:*:*:* OR cpe:/a:igor_sysoev:nginx:0.7.64:*:*:*:*:*:*:* OR cpe:/a:ruby-lang:ruby:1.8.6:p383:*:*:*:*:*:* OR cpe:/a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:* OR cpe:/a:ruby-lang:ruby:1.9.1:p376:*:*:*:*:*:* OR cpe:/a:webrick:webrick:1.3.1:*:*:*:*:*:*:* OR cpe:/a:ruby-lang:ruby:1.8.8:dev:*:*:*:*:*:* OR cpe:/a:ruby-lang:ruby:1.9.2:dev:*:*:*:*:*:* AND cpe:/o:gentoo:linux:-:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:x86_64:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:canonical:ubuntu:8.10:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/o:redhat:enterprise_linux:4.8.z:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4.8.z:*:as:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_long_life:5.6:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:control_desk:7.6.1:*:*:*:*:*:*:* BACK
acme thttpd 2.25 b
ruby-lang ruby 1.8.6
ruby-lang ruby 1.8.7
ruby-lang ruby 1.9.1
mortbay jetty 6.0.2
mortbay jetty 6.0.1
mortbay jetty 6
mortbay jetty 6.0.0 rc4
mortbay jetty 6.0.0 rc3
mortbay jetty 6.0.0 rc2
mortbay jetty 6.0.0 rc1
mortbay jetty 6.0.0 rc0
mortbay jetty 6.0.0 beta17
mortbay jetty 6.0.0 beta16
mortbay jetty 6.0.0 beta15
mortbay jetty 6.0.0 beta14
mortbay jetty 6.0.0 beta12
mortbay jetty 6.0.0 beta11
mortbay jetty 6.0.0 beta10
mortbay jetty 6.0.0 beta9
mortbay jetty 6.0.0 beta8
mortbay jetty 6.0.0 beta7
mortbay jetty 6.0.0 beta6
mortbay jetty 6.0.0 beta5
mortbay jetty 6.0.0 beta4
mortbay jetty 6.0.0 beta3
mortbay jetty 6.0.0 beta2
mortbay jetty 6.0.0 beta1
mortbay jetty 6.0.0 beta0
mortbay jetty 6.0.0 alpha3
mortbay jetty 6.0.0 alpha2
mortbay jetty 6.0.0 alpha1
mortbay jetty 6.0.0 alpha0
mortbay jetty 6.0.0 betax
varnish-cache varnish 2.0.6
cherokee-project cherokee 0.99.30
acme thttpd 2.25 b0
acme mini httpd 1.19
orionserver orion application server 2.0.7
aol aolserver 4.5.1
yaws yaws 1.85
boa boa 0.94.14 rc21
igor_sysoev nginx 0.7.64
ruby-lang ruby 1.8.6 p383
ruby-lang ruby 1.8.7 p248
ruby-lang ruby 1.9.1 p376
webrick webrick 1.3.1
ruby-lang ruby 1.8.8 dev
ruby-lang ruby 1.9.2 dev
gentoo linux -
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0 x86_64
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
canonical ubuntu 8.10
mandriva linux 2009.1
mandriva linux 2009.1
redhat enterprise linux 4.8.z
redhat enterprise linux 4.8.z
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010
redhat enterprise linux long life 5.6
ibm sterling b2b integrator 5.1
ibm sterling b2b integrator 5.2
ibm control desk 7.6.1
Denotes that component is vulnerable