Strange advisory

Lukas Tribus luky-37 at
Sat May 10 19:45:14 UTC 2014


> I just saw something strange on
> "An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all"
> Severity is labelled as 'None', though the CVE talks, among other stuff,
> about 'arbitrary commands and file write'.
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?

Afaik the nginx developers didn't agree with this CVE advisory, because it's
actually a terminal problem. Nginx cannot be exploited, but the user when
looking at the log files can.

Read the advisory for details [1].
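
Because the reply places the risk in the terminal that displays the log rather than in nginx, one mitigation is to filter log lines before they reach the terminal. The following is an added example, not part of the original thread or of nginx; the function names and the sample log lines are constructed for illustration.

```python
import re

# Code points a terminal may act on: C0 controls except tab, DEL, and C1 controls.
_CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def neutralize(raw):
    """Return (safe_text, changed) for one raw log line given as bytes.

    Control characters and bytes that are not valid UTF-8 are shown as a
    literal \\xNN, so the terminal prints them instead of interpreting them.
    """
    body = raw.rstrip(b"\r\n")
    # Invalid bytes (for example a lone 0x9b) become the text "\x9b" here.
    text = body.decode("utf-8", errors="backslashreplace")
    safe = _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)
    return safe, safe.encode("utf-8") != body


def flag_lines(lines):
    """Return [(line_number, safe_text)] for lines that needed rewriting."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        safe, changed = neutralize(raw)
        if changed:
            hits.append((number, safe))
    return hits


# Constructed sample lines (not real nginx output). The second carries a
# harmless colour sequence, the third a raw 8-bit control byte.
SAMPLE = [
    b'[error] open() "/var/www/html/missing" failed, request: "GET /missing HTTP/1.1"\n',
    b'[error] open() failed, request: "GET /\x1b[31mred\x1b[0m HTTP/1.1"\n',
    b'[error] open() failed, request: "GET /a\x9bb HTTP/1.1"\n',
]

if __name__ == "__main__":
    for number, safe in flag_lines(SAMPLE):
        print("line %d contained control bytes: %s" % (number, safe))
```

Output from `neutralize` is safe to print but not reversible, because a backslash already present in the log is left as it is.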



