|
|
Subscribe / Log in / New account

httpd: command execution

Package(s):httpd CVE #(s):CVE-2013-1862
Created:May 14, 2013 Updated:July 15, 2013
Description: From the Red Hat advisory:

It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.

Alerts:
openSUSE openSUSE-SU-2014:1647-1 apache2 2014-12-15
SUSE SUSE-SU-2014:1082-1 apache2 2014-09-02
Gentoo 201309-12 apache 2013-09-23
openSUSE openSUSE-SU-2013:1341-1 apache2 2013-08-14
openSUSE openSUSE-SU-2013:1340-1 apache2 2013-08-14
openSUSE openSUSE-SU-2013:1337-1 apache2 2013-08-14
Ubuntu USN-1903-1 apache2 2013-07-15
Mageia MGASA-2013-0174 apache 2013-06-19
Mandriva MDVSA-2013:174 apache 2013-06-14
Scientific Linux SL-http-20130514 httpd 2013-05-14
Oracle ELSA-2013-0815 httpd 2013-05-13
Oracle ELSA-2013-0815 httpd 2013-05-13
CentOS CESA-2013:0815 httpd 2013-05-13
CentOS CESA-2013:0815 httpd 2013-05-14
Red Hat RHSA-2013:0815-01 httpd 2013-05-13
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds