Hello,

This has not been fixed in current nginx releases. This is not directly related to nginx either; the problem is that outdated terminal emulators would parse the potentially malicious commands in the log file. This answer http://unix.stackexchange.com/a/15210 explains it better.
---
Regards,
Kurt Cancemi

On Sat, May 10, 2014 at 2:59 PM, B.R. <reallfqq-ng...@yahoo.fr> wrote:
> I just saw something strange on
> http://nginx.org/en/security_advisories.html:
> "An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all"
>
> Severity is labelled as 'None', though the CVE talks, among other stuff,
> about 'arbitrary commands and file write'.
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?
> ---
> B. R.
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
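
As an added illustration, not part of the thread and not nginx code: a small Python filter that makes control characters in a log visible before the log is shown in a terminal, the viewer-side counterpart to the unsanitized error log discussed above. The sample log lines and the names `neutralize` and `scan` are constructed for this example.

```python
import unicodedata

# Constructed sample, not from the thread: two nginx-style error log lines,
# the second carrying an ESC-introduced "set window title" sequence in the URI.
SAMPLE = (
    b'2014/05/10 14:59:01 [error] 1234#0: *1 open() "/srv/www/a" failed '
    b'(2: No such file or directory), request: "GET /a HTTP/1.1"\n'
    b'2014/05/10 14:59:02 [error] 1234#0: *2 open() "/srv/www/\x1b]0;demo\x07" failed '
    b'(2: No such file or directory), request: "GET /\x1b]0;demo\x07 HTTP/1.1"\n'
)


def neutralize(text: str) -> str:
    """Rewrite control characters (Unicode category Cc, tab excepted) as \\xNN."""
    return "".join(
        f"\\x{ord(ch):02x}" if unicodedata.category(ch) == "Cc" and ch != "\t" else ch
        for ch in text
    )


def scan(raw: bytes) -> list[tuple[int, bool, str]]:
    """Return (line number, had control chars, printable text) per log line."""
    out = []
    for number, line in enumerate(raw.rstrip(b"\n").split(b"\n"), 1):
        # Bytes that are not valid UTF-8 become literal \xNN text instead of
        # reaching the terminal; carriage returns stay in the line and are
        # escaped below, since they can be used to overwrite what is shown.
        text = line.decode("utf-8", errors="backslashreplace")
        safe = neutralize(text)
        out.append((number, safe != text, safe))
    return out


if __name__ == "__main__":
    for number, flagged, safe in scan(SAMPLE):
        print(f"{'!' if flagged else ' '} {number}: {safe}")
```

Lines marked `!` contained control characters; the text printed for them is plain ASCII escapes, so the terminal displays the sequence instead of interpreting it.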