Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Remediation

References

CVE-2013-1862

Related Vulnerabilities

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.17)

Dotclear Other Vulnerability (CVE-2007-3672)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.13.4)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.2.12)

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

Severity

Medium

Classification

CVE-2013-1862

Tags

Missing Update Known Vulnerabilities