Acme.thttpd.and.minihttpd.Command.Injection.Vulnerability

Description

mini_httpd is a small HTTP server. It provides a very lightweight solution for low-traffic sites.
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2009-4490)
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2009-4491)
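
The sanitization step that the description says is missing from the log-writing path, shown as an added example. This is not code from thttpd or mini_httpd; the function name log_sanitize and the sample request line are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from thttpd or mini_httpd: copy a request-derived
 * field into dst, writing every byte outside printable ASCII (and the
 * backslash itself) as \xHH so a terminal viewing the log never interprets it.
 * Returns the output length, or (size_t)-1 if dst is too small. */
size_t log_sanitize(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dstlen == 0)
        return (size_t)-1;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        /* Printable ASCII is 0x20..0x7e; ESC (0x1b), BEL, CR/LF and 8-bit
         * C1 controls such as CSI (0x9b) all fall outside that range. */
        int safe = c >= 0x20 && c <= 0x7e && c != '\\';
        if (o + (safe ? 1 : 4) >= dstlen) {   /* keep room for the NUL */
            dst[0] = '\0';                    /* fail closed, no partial line */
            return (size_t)-1;
        }
        if (safe) {
            dst[o++] = (char)c;
        } else {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: request line carrying a title-setting sequence. */
    const char req[] = "GET /\x1b]2;title\x07 HTTP/1.0";
    char out[128];

    if (log_sanitize(out, sizeof out, req, sizeof req - 1) != (size_t)-1)
        printf("%s\n", out);
    return 0;
}
```

Escaping the backslash as well keeps the log unambiguous: a literal "\x1b" typed by a client cannot be confused with an escaped ESC byte.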

Affected Products

mini_httpd versions prior to 1.19
thttpd versions prior to 2.25b

Impact

This vulnerability could allow an attacker to execute arbitrary code on a vulnerable system.

Recommended Actions

Users are advised to update to the latest version.

Coverage

IPS (Regular DB)
IPS (Extended DB)