Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Acme 'thttpd' and 'mini_httpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles.

Attackers can exploit this issue to execute arbitrary commands in a terminal.

This issue affects thttpd 2.25b and mini_httpd 1.19; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus