Strange advisory
Kurt Cancemi
kurt at x64architecture.com
Sat May 10 19:41:27 UTC 2014
Hello,
This has not been fixed in current nginx releases. It is not
directly related to nginx either; the problem is that outdated terminal
emulators would parse the potentially malicious commands in the log
file. This answer http://unix.stackexchange.com/a/15210 explains it
better.
---
Regards,
Kurt Cancemi
On Sat, May 10, 2014 at 2:59 PM, B.R. <reallfqq-nginx at yahoo.fr> wrote:
> I just saw something strange on
> http://nginx.org/en/security_advisories.html:
> "An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all"
>
> Severity is labelled as 'None', though the CVE talks, among other stuff,
> about 'arbitrary commands and file write'.
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?
> ---
> B. R.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
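
Added example, not part of the original thread and not nginx code: a filter for viewing an error log so that any control characters it contains are shown as visible `\xNN` text rather than being passed to the terminal emulator. The function names and the sample log lines are constructed for illustration.

```python
import sys
import unicodedata

def _decode(raw: bytes) -> str:
    # Invalid UTF-8 bytes become visible \xNN text instead of raw bytes.
    return raw.rstrip(b"\r\n").decode("utf-8", errors="backslashreplace")

def neutralize(raw: bytes) -> str:
    """Render one log line so that no control character reaches the terminal."""
    out = []
    for ch in _decode(raw):
        # Category Cc covers C0 (including ESC 0x1b and BEL 0x07), DEL,
        # and C1 (including the 8-bit CSI 0x9b). Tab is kept for readability.
        if ch != "\t" and unicodedata.category(ch) == "Cc":
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def flagged(lines):
    """Return (line_number, safe_text) for lines that carried control characters."""
    hits = []
    for n, raw in enumerate(lines, 1):
        safe = neutralize(raw)
        if safe != _decode(raw):
            hits.append((n, safe))
    return hits

# Constructed sample: line 2 embeds a harmless colour sequence (ESC [ 31 m)
# in the requested path, which is then written to the error log as-is.
SAMPLE = [
    b'2014/05/10 19:41:27 [error] 1234#0: *1 open() '
    b'"/usr/share/nginx/html/missing" failed (2: No such file or directory)\n',
    b'2014/05/10 19:41:30 [error] 1234#0: *2 open() '
    b'"/usr/share/nginx/html/\x1b[31mconstructed" failed (2: No such file or directory)\n',
]

if __name__ == "__main__":
    # Pipe a log in on stdin, or run with no input to see the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin.buffer
    for line in source:
        print(neutralize(line))
```
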