CVE-2013-1862

Published: 10 June 2013

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Priority

Low

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 12.04 ESM (Precise Pangolin)
Released (2.2.22-1ubuntu1.4)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1482349 (2.2)