Strange advisory

Kurt Cancemi kurt at
Sat May 10 19:41:27 UTC 2014


This has not been fixed in current nginx releases, this is not
directly related to nginx either, the problem is outdated terminal
emulators would parse the potentially malicious commands in the log
file. This answer explains it

Kurt Cancemi

On Sat, May 10, 2014 at 2:59 PM, B.R. <reallfqq-nginx at> wrote:
> I just saw something strange on
> "An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all"
> Severity is labelled as 'None', though the CVE talks, among other stuff,
> about 'arbitrary commands and file write'.
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?
> ---
> B. R.
> _______________________________________________
> nginx mailing list
> nginx at

More information about the nginx mailing list