CVE-2013-1862

Priority
Low
Description
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x
before 2.2.25 writes data to a log file without sanitizing non-printable
characters, which might allow remote attackers to execute arbitrary
commands via an HTTP request containing an escape sequence for a terminal
emulator.
References
Bugs
Notes
 mdeslaur> doesn't affect 2.4.x, logs are escaped
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1482349 (2.2)
More Information

Updated: 2017-08-11 23:50:29 UTC (commit 13081)