Cisco: CISCO-SA-20130530-CVE-2013-1862
May 30, 2013 - 7:48 p.m.

Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability

2013-05-30 19:48:16
tools.cisco.com
CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.383 Low (Percentile: 97.2%)

A vulnerability in the do_rewritelog() function of Apache HTTP Server could allow an unauthenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper handling of certain escape sequences by the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted device. Processing the crafted request could allow certain escape sequences to be written to the log file. If an attacker views these sequences in the log file with a terminal emulator, the attacker could execute arbitrary commands on the targeted system.

Apache has confirmed this vulnerability and released updated software.

To exploit the vulnerability, the attacker must submit crafted HTTP requests to the system. In a typical network configuration, the attacker would likely need access to trusted, internal networks to submit crafted requests to the targeted system. This access requirement could reduce the likelihood of a successful exploit.

According to the vendor, the updated Apache HTTP Server version 2.0.65 will be released in September 2013.
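
For defenders reviewing a rewrite log that may already hold such data, the following added example (not part of the Cisco advisory or of Apache's code) flags lines containing raw control bytes and renders them as `\xHH` text, so they can be read without a terminal interpreting them. The log lines are constructed and simplified, and the function names are hypothetical.

```python
import re
import sys

# C0 control bytes (tab excluded; newline is the line separator) plus DEL.
# ESC (0x1b) starts the terminal escape sequences the advisory refers to.
CONTROL = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")


def neutralize(line: bytes) -> str:
    """Render a log line as printable ASCII; all other bytes become \\xHH."""
    out = []
    for b in line:
        if b == 0x5C:                       # keep the escaping unambiguous
            out.append("\\\\")
        elif 0x20 <= b <= 0x7E or b == 0x09:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


def scan(log: bytes):
    """Return [(line_number, safe_text)] for lines holding raw control bytes."""
    return [(n, neutralize(line))
            for n, line in enumerate(log.split(b"\n"), 1)
            if CONTROL.search(line)]


# Constructed, simplified rewrite-log lines (not captured from a real server).
# The second carries a harmless colour-change sequence in the requested URI.
SAMPLE = (
    b"192.0.2.10 - - [30/May/2013:19:48:16 +0000] (2) init rewrite engine "
    b"with requested uri /index.html\n"
    b"192.0.2.77 - - [30/May/2013:19:48:20 +0000] (2) init rewrite engine "
    b"with requested uri /a\x1b[31mb\n"
)

if __name__ == "__main__":
    # Read the file as bytes so nothing is decoded or interpreted on the way in.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for number, text in scan(data):
        print(f"line {number}: {text}")
```

Run it with a log path as the only argument; with no argument it scans the embedded sample.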

Affected configurations

Vulners
Node
cisco unified_computing_system, Match: any
OR
cisco unified_computing_system, Match: any
