CVE-2013-1862 — MEDIUM (5.1)

Q: How severe is CVE-2013-1862?

CVE-2013-1862 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-1862?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux, Oracle Http Server, Redhat Enterprise Linux Desktop.

Vulnerability Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

CVSS Score

5.1

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.0.0, < 2.0.65
Redhat	Jboss Enterprise Application Platform	6.0.0
Redhat	Enterprise Linux	5.0
Oracle	Http Server	10.1.3.5.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.9
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	5.9
Redhat	Enterprise Linux Workstation	5.0
Canonical	Ubuntu Linux	10.04
Opensuse	Opensuse	11.4

References

http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.htmlMailing ListThird Party Advisory
http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patchPatchVendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0815.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1207.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1208.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1209.htmlThird Party Advisory
http://secunia.com/advisories/55032Not Applicable
http://support.apple.com/kb/HT6150Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=r1469311PatchVendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21644047Third Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-20Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:174Broken Link

FAQ

What is CVE-2013-1862?

CVE-2013-1862 is a vulnerability with a CVSS score of 5.1 (MEDIUM). mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execu...

How severe is CVE-2013-1862?

CVE-2013-1862 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1862?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux, Oracle Http Server, Redhat Enterprise Linux Desktop.