Escape Sequence Injection Vulnerability in WEBrick by Ruby
CVE-2009-4492


Key Information:

Vendor: Ruby-lang
Status: Vendor
CVE Published: 13 January 2010

What is CVE-2009-4492?

The WEBrick web server in the affected Ruby versions writes non-printable characters taken from HTTP requests into its log files without sanitizing them. A remote attacker can therefore place terminal escape sequences in a crafted request; when an administrator later views the log in a terminal, those sequences are interpreted and may alter the window title or, depending on the terminal, lead to command execution or file modification. This missing log sanitization creates a significant security risk for users running affected versions.
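As a defender-side illustration of the log sanitization this flaw calls for, here is an added example (not WEBrick's or Ruby's own code; the function names and the sample request are constructed for this page) that neutralizes control bytes before a request field reaches the access log and flags log lines that still carry raw escape sequences:

```ruby
# Added example, not WEBrick's own code. Names below (escape_log_field,
# format_access_line, suspicious_log_line?) are hypothetical.

# Replace every C0 control byte (0x00-0x1F) and DEL (0x7F) with a visible
# "\xHH" form so a terminal displaying the log never interprets it.
# ESC (0x1B) is the byte that starts CSI/OSC sequences such as title changes.
def escape_log_field(str)
  str.b.gsub(/[\x00-\x1f\x7f]/n) { |c| format('\\x%02X', c.ord) }
end

# Build one access-log line from the fields a client controls
# (request line and User-Agent), escaping each of them.
def format_access_line(remote_addr, request_line, user_agent)
  [remote_addr,
   escape_log_field(request_line),
   escape_log_field(user_agent)].join(' ')
end

# Detection: true when a stored log line still contains a raw control
# byte, i.e. something a sanitising logger should never have written.
def suspicious_log_line?(line)
  !!(line.b =~ /[\x00-\x1f\x7f]/n)
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: a request path carrying an OSC sequence that
  # would change an xterm window title if the log were cat'ed unescaped.
  raw = "GET /\e]0;title\a HTTP/1.1"
  puts suspicious_log_line?(raw)                              # true
  puts format_access_line('203.0.113.5', raw, 'curl/7.1')     # escaped
end
```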

References

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
