<div dir="ltr"><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">I just saw something strange on <a href="http://nginx.org/en/security_advisories.html">http://nginx.org/en/security_advisories.html</a>:<br>
"An error log data are not sanitized<br>Severity: none<br><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4487">CVE-2009-4487</a><br>Not vulnerable: none<br>Vulnerable: all"<br><br></div><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">
Severity is labelled as 'None', though the CVE talks, among other stuff, about 'arbitrary commands and file write'.<br></div><div class="gmail_default" style="font-size:small;color:rgb(51,51,153)">Is your advisories page wrong? Is the CVE wrong? Has this been solved?<br>
</div><font size="1"><span style="color:rgb(102,102,102)">---<br></span><b><span style="color:rgb(102,102,102)">B. R.</span></b><span style="color:rgb(102,102,102)"></span></font>
</div>