Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Remediation

References

CVE-2013-1862

Related Vulnerabilities

Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2013-4136)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)

Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369)

MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10678)

MySQL Other Vulnerability (CVE-2000-0148)

Severity

Medium

Classification

CVE-2013-1862

Tags

Missing Update Known Vulnerabilities