CVE-2013-1862
Published: 10 June 2013
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Notes
Author | Note |
---|---|
mdeslaur | doesn't affect 2.4.x, logs are escaped |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Released
(2.2.14-5ubuntu8.12)
|
|
precise |
Released
(2.2.22-1ubuntu1.4)
|
|
quantal |
Released
(2.2.22-6ubuntu2.3)
|
|
raring |
Released
(2.2.22-6ubuntu5.1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1482349 (2.2) |