CVE-2013-1862

Priority
Low
Description
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x
before 2.2.25 writes data to a log file without sanitizing non-printable
characters, which might allow remote attackers to execute arbitrary
commands via an HTTP request containing an escape sequence for a terminal
emulator.
References
Bugs
Notes
mdeslaur> doesn't affect 2.4.x, logs are escaped
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):released (2.2.14-5ubuntu8.12)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.2.22-1ubuntu1.4)
Ubuntu 12.10 (Quantal Quetzal):released (2.2.22-6ubuntu2.3)
Ubuntu 13.04 (Raring Ringtail):released (2.2.22-6ubuntu5.1)
Ubuntu 13.10 (Saucy Salamander):not-affected (2.4.4-6ubuntu4)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1482349 (2.2)
More Information

Valid XHTML 1.0 Strict

Updated: 2013-07-18 17:14:58 UTC (commit 7104)