Description
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Remediation
References
Related Vulnerabilities
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1476)
WordPress Plugin Catch Infinite Scroll Security Bypass (1.8.1)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7834)