CVE-2013-1862

Apache HTTP Server 2.0.0-2.0.64 - Remote Code Execution via mod_rewrite Log Injection

Title source: llm
STIX 2.1

Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

References (43)

Core 43
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=953729
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:174
Third Party Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1209.html
Patch, Vendor Advisory x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=r1469311
Patch, Vendor Advisory x_refsource_confirm
http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0815.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6150
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1903-1
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1207.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/59826
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1208.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64758
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55032
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

Scores

EPSS 0.2489
EPSS Percentile 97.7%

Details

Status published
Products (24)
apache/http_server 2.0.0 - 2.0.65
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
opensuse/opensuse 11.4
opensuse/opensuse 12.2
opensuse/opensuse 12.3
oracle/http_server 10.1.3.5.0
oracle/http_server 11.1.1.7.0
... and 14 more
Published Jun 10, 2013
Tracked Since Feb 18, 2026