Acme.thttpd.and.minihttpd.Command.Injection.Vulnerability
Description
mini_httpd is a small HTTP server. It provides a very lightweight solution for low-traffic sites.
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2009-4490)
thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2009-4491)
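An added example (not thttpd or mini_httpd code, and not the project's own fix): one way to close the logging flaw described above is to encode non-printable bytes before a request string reaches the log file. The function name `log_escape` and the `\xHH` encoding are assumptions chosen for illustration, and the sample request line is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst for logging, rewriting every byte outside printable
 * ASCII (0x20-0x7e) as \xHH so a terminal displaying the log never sees a
 * raw control byte. Backslash is also encoded so the output is unambiguous.
 * Returns the length written (excluding NUL); output is truncated at a
 * whole-token boundary if dst is too small. (Hypothetical helper.) */
size_t log_escape(const char *src, size_t srclen, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dstlen == 0)
        return 0;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        int printable = (c >= 0x20 && c <= 0x7e && c != '\\');
        size_t need = printable ? 1 : 4;

        if (o + need >= dstlen)   /* keep room for the terminator */
            break;
        if (printable) {
            dst[o++] = (char)c;
        } else {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed request line: ESC (033) and BEL (007) embedded in the path. */
    const char req[] = "GET /a\033]0;t\007 HTTP/1.0";
    char out[128];

    log_escape(req, sizeof req - 1, out, sizeof out);
    printf("%s\n", out);
    return 0;
}
```

Applying the same encoding when viewing existing logs, rather than printing them raw to a terminal, covers entries written before a server is updated.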
Affected Products
mini_httpd versions prior to 1.19
thttpd versions prior to 2.25b
Impact
This vulnerability could allow an attacker to execute arbitrary code on a vulnerable system.
Recommended Actions
Users are advised to update to the latest version.
Coverage
IPS (Regular DB)
IPS (Extended DB)