mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 02:14
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Sep 2022, 19:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.1.2.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:10.1.3.5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:11.1.1.7.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:* |
First Time |
Oracle
Canonical Redhat Canonical ubuntu Linux Redhat enterprise Linux Server Redhat jboss Enterprise Application Platform Redhat enterprise Linux Desktop Redhat enterprise Linux Server Aus Redhat enterprise Linux Eus Redhat enterprise Linux Opensuse opensuse Oracle http Server Redhat enterprise Linux Workstation Opensuse |
|
CWE | NVD-CWE-noinfo | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://svn.apache.org/viewvc?view=revision&revision=r1469311 - Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1207.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1903-1 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://www-01.ibm.com/support/docview.wss?uid=swg21644047 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-0815.html - Third Party Advisory | |
References | (CONFIRM) http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch - Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT6150 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790 - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (HP) https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken - Broken Link | |
References | (MLIST) https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/55032 - Not Applicable | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2013:174 - Broken Link | |
References | (BID) http://www.securityfocus.com/bid/59826 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Third Party Advisory | |
References | (CISCO) http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862 - Broken Link | |
References | (MLIST) https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=953729 - Issue Tracking, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/64758 - Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1209.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1208.html - Third Party Advisory | |
References | (CONFIRM) http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory |
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2013-06-10 17:55
Updated : 2023-12-10 11:16
NVD link : CVE-2013-1862
Mitre link : CVE-2013-1862
CVE.ORG link : CVE-2013-1862
JSON object : View
Products Affected
redhat
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
- jboss_enterprise_application_platform
- enterprise_linux_eus
opensuse
- opensuse
oracle
- http_server
apache
- http_server
canonical
- ubuntu_linux
CWE