Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Remediation

References

CVE-2013-1862

Related Vulnerabilities

IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1476)

WordPress Plugin Catch Infinite Scroll Security Bypass (1.8.1)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7834)

MediaWiki CVE-2021-30159 Vulnerability (CVE-2021-30159)

WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress SQL Injection (1.7.2)

Severity

Medium

Classification

CVE-2013-1862

Tags

Missing Update Known Vulnerabilities