5.1

CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.0.0 < 2.0.65
ApacheHTTP Server Version >= 2.2.0 < 2.2.25
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
OracleHTTP Server Version10.1.3.5.0
OracleHTTP Server Version11.1.1.7.0
OracleHTTP Server Version12.1.2.0
OracleHTTP Server Version12.1.3.0
RedhatEnterprise Linux Eus Version5.9
RedhatEnterprise Linux Eus Version6.4
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 24.89% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Third Party Advisory
http://www.securityfocus.com/bid/64758
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
http://support.apple.com/kb/HT6150
Third Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
Third Party Advisory
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E
http://rhn.redhat.com/errata/RHSA-2013-0815.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1207.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1208.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1209.html
Third Party Advisory
http://secunia.com/advisories/55032
Not Applicable
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
Third Party Advisory
Mailing List
http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
Patch
Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=r1469311
Patch
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2013:174
Broken Link
http://www.securityfocus.com/bid/59826
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1903-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=953729
Third Party Advisory
Issue Tracking
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534
Third Party Advisory