Description
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Remediation
References
Related Vulnerabilities
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4545)
WebLogic Improper Input Validation Vulnerability (CVE-2021-44832)
WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)
WordPress Plugin SI CAPTCHA Anti-Spam Cross-Site Scripting (2.7.5)