CVE-2013-1862 — Improper Input Validation in Apache Http Server

CWE-20 — Improper Input Validation9 documents9 sources

Severity

5.1MEDIUMNVD

EPSS

39.6%

top 2.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Canonical Ubuntu Linux Opensuse +7 more

Timeline

PublishedJun 10

Latest updateMay 13

Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages7 packages

▶NVDapache/http_server2.0.0 — 2.0.65+1

▶NVDoracle/http_server4 versions+3

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

▶NVDopensuse/opensuse11.4, 12.2, 12.3+2

▶NVDredhat/enterprise_linux_desktop5.0, 6.0+1

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.04, Enterprise Linux 5.9, 6.4

Patches

Patch: people.apache.org ↗Patch: svn.apache.org ↗Patch: people.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-wp7w-p549-c3xq: mod_rewrite↗2022-05-13

▶

CVEList

CVE-2013-1862: mod_rewrite↗2013-06-10

▶

OSV

CVE-2013-1862: mod_rewrite↗2013-06-10

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2013-07-15

▶

Cisco

Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability↗2013-05-30

▶

Red Hat

httpd: mod_rewrite allows terminal escape sequences to be written to the log file↗2013-04-19

▶

Debian

CVE-2013-1862: apache2 - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2...↗2013

▶

💬Community

Bugzilla

CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file↗2013-04-19

▶