CVE-2009-4492

Advisory lineage Upstream: 0 Downstream: 2

Downstream

RHSA-2011:0908 RHSA-2011:0909

Modified

Published: 13 Jan 2010, 20:00

Last modified:07 Aug 2024, 07:01

Vulnerability Summary

Overall Risk (default)

medium

44/100

CVSS Score

7.5 HIGH

v2.0 (nvd)

EPSS Score

21.1% HIGH

21% probability +3.42%

KEV

Not listed

Ransomware

No reports

Public exploits

4 found

Dark Web

Not detected

Timeline

13 Jan 2010, 20:00

Published

Vulnerability first disclosed

07 Aug 2024, 07:01

Last Modified

Vulnerability information updated

Description

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

CVSS Metrics

v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 21.10%• Percentile: 96%

Affected Systems

ruby-lang•webrick
1.3.1