Description
Format string vulnerability in certain third-party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response. The response causes format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, and that returned text is then used in a call to ap_log_rerror().
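The coding pattern described above, shown next to its corrected form. This is an added example, not code from mod_dav or from any vendor's modification; `log_line`, the two `log_bad_gateway_*` functions, `has_format_directive` and the sample message are hypothetical stand-ins for a printf-style logger such as ap_log_rerror().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger: the last fixed argument
 * is a format string, followed by variadic arguments. It writes into a
 * buffer so the logged text can be inspected. */
static void log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* BEFORE: text derived from the request is handed over as the format
 * string, so every '%' in it is interpreted by the logger. */
void log_bad_gateway_unsafe(char *out, size_t n, const char *desc)
{
    log_line(out, n, desc);
}

/* AFTER: the format is a constant; request-derived text is only data. */
void log_bad_gateway_safe(char *out, size_t n, const char *desc)
{
    log_line(out, n, "%s", desc);
}

/* Audit helper: 1 if the text would be altered when used as a format. */
int has_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    /* Constructed sample. "%%" takes no argument, so the unsafe call stays
     * well-defined here while still showing that the text is interpreted. */
    const char *desc = "Destination URI /a%%b refers to a different server";
    char buf[128];

    log_bad_gateway_unsafe(buf, sizeof buf, desc);
    printf("unsafe: %s\n", buf);
    log_bad_gateway_safe(buf, sizeof buf, desc);
    printf("safe:   %s\n", buf);
    return 0;
}
```

Compiler checks such as GCC's `-Wformat-security` flag the unsafe call shape when the logger is declared with a printf format attribute.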