UBUNTU-CVE-2009-4494

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2009-4494

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-4494.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2009-4494

Upstream

CVE-2009-4494

Published

2010-01-13T20:30:00Z

Modified

2026-04-22T08:43:28.282537Z

Severity

Ubuntu - negligible

Summary

[none]

Details

AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

References

Affected packages

Ubuntu:16.04:LTS / aolserver4

Package

Name: aolserver4
Purl: pkg:deb/ubuntu/aolserver4@4.5.1-18?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.1-18

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.5.1-18",
            "binary_name": "aolserver4-core"
        },
        {
            "binary_version": "4.5.1-18",
            "binary_name": "aolserver4-daemon"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-4494.json"

Ubuntu:18.04:LTS / aolserver4