apache22 -- several vulnerabilities

2013-06-21T00:00:00
ID F3D24AEE-E5AD-11E2-B183-20CF30E32F6D
Type freebsd
Reporter FreeBSD
Modified 2013-07-10T00:00:00

Description

Apache HTTP SERVER PROJECT reports:

The mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.