Arbitrary Command Execution via mod_rewrite Log File in Apache HTTP Server 2.2.x before 2.2.25

Arbitrary Command Execution via mod_rewrite Log File in Apache HTTP Server 2.2.x before 2.2.25

CVE-2013-1862 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Learn more about our Cis Benchmark Audit For Apache Http Server.