Lucene search

[email protected]CVE-2013-1862

HistoryJun 10, 2013 - 5:55 p.m.

CVE-2013-1862

2013-06-1017:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

991

cve-2013-1862

mod_rewrite

apache http server

command execution

security vulnerability

6.9 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.383 Low

EPSS

Percentile

97.2%

JSON

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

CPENameOperatorVersion
apache:http_serverapache http serverlt2.2.25
apache:http_serverapache http serverlt2.0.65
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.0.0
redhat:jboss_enterprise_application_platformredhat jboss enterprise application platformeq6.4.0
oracle:http_serveroracle http servereq12.1.3.0
oracle:http_serveroracle http servereq12.1.2.0
oracle:http_serveroracle http servereq11.1.1.7.0
oracle:http_serveroracle http servereq10.1.3.5.0
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq5.0

CPE	Name	Operator	Version
apache:http_server	apache http server	lt	2.2.25
apache:http_server	apache http server	lt	2.0.65
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.0.0
redhat:jboss_enterprise_application_platform	redhat jboss enterprise application platform	eq	6.4.0
oracle:http_server	oracle http server	eq	12.1.3.0
oracle:http_server	oracle http server	eq	12.1.2.0
oracle:http_server	oracle http server	eq	11.1.1.7.0
oracle:http_server	oracle http server	eq	10.1.3.5.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	5.0

Rows per page:

1-10 of 251

References

lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

lists.opensuse.org/opensuse-updates/2013-08/msg00029.html

lists.opensuse.org/opensuse-updates/2013-08/msg00030.html

people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch

rhn.redhat.com/errata/RHSA-2013-0815.html

rhn.redhat.com/errata/RHSA-2013-1207.html

rhn.redhat.com/errata/RHSA-2013-1208.html

rhn.redhat.com/errata/RHSA-2013-1209.html

secunia.com/advisories/55032

support.apple.com/kb/HT6150

svn.apache.org/viewvc?view=revision&revision=r1469311

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862

www-01.ibm.com/support/docview.wss?uid=swg21644047

www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html

www.mandriva.com/security/advisories?name=MDVSA-2013:174

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.securityfocus.com/bid/59826

www.securityfocus.com/bid/64758

www.ubuntu.com/usn/USN-1903-1

bugzilla.redhat.com/show_bug.cgi?id=953729

h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534

Social References

6.9 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.383 Low

EPSS

Percentile

97.2%

JSON

CVE-2013-1862

References

Social References

Related