RootSSV:60788

HistoryMay 17, 2013 - 12:00 a.m.

Apache HTTP Server日志内终端转义序列命令注入漏洞

2013-05-1700:00:00

Root

www.seebug.org

706

0.359 Low

EPSS

Percentile

96.7%

JSON

BUGTRAQ ID: 59826
CVE(CAN) ID: CVE-2013-1862

Apache HTTP Server是开源HTTP服务器。

Apache HTTP Server mod_rewrite向日志文件写入数据时，没有过滤不能打印的字符。如果 mod_rewrite 使用了指令RewriteLog，远程攻击者可利用此漏洞向日志文件写入终端转义序列。如果HTTP请求包含终端模拟器的转义序列，此漏洞也可造成任意命令执行。
0
Apache Group HTTP Server 2.2.x
厂商补丁：

Apache Group

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://httpd.apache.org/
http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch

cve 1

ibm 6

openvas 18

checkpoint_advisories 2

nessus 33

ubuntucve 1

prion 1

f5 2

cisco 1

httpd 2

debiancve 1

mageia 1

veracode 2

redhat 6

kaspersky 2

ubuntu 1

freebsd 1

amazon 2

oraclelinux 1

securityvulns 4

centos 1

gentoo 1

suse 1

hackerone 2

oracle 1

cve

CVE-2013-1862

2013-06-10 17:55:00

ibm

Security Bulletin: Potential Security exposure in IBM HTTP Server CVE-2013-1862 PM87808

2022-09-25 23:13:40

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7

2022-09-25 21:06:56

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.31

2018-06-15 06:59:10

openvas

Apache HTTP Server Log Escape Filtering Vulnerability (Jul 2013) - Linux

2021-11-01 00:00:00

Mageia: Security Advisory (MGASA-2013-0174)

2022-01-28 00:00:00

SUSE: Security Advisory (SUSE-SU-2013:1824-1)

2021-06-09 00:00:00

checkpoint_advisories

Apache HTTP Server mod_rewrite RewriteLog Command Execution (CVE-2013-1862)

2013-09-09 00:00:00

Apache HTTP Server mod_rewrite RewriteLog Command Execution - Ver2 (CVE-2013-1862)

2015-03-26 00:00:00

nessus

F5 Networks BIG-IP : Apache vulnerability (SOL15877)

2014-11-28 00:00:00

Mandriva Linux Security Advisory : apache (MDVSA-2013:174)

2013-06-16 00:00:00

IBM HTTP Server 8.5.0.0 <= 8.5.5.0 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.29 / 6.1.0.0 <= 6.1.0.45 (491411)

2020-12-11 00:00:00

ubuntucve

CVE-2013-1862

2013-06-10 00:00:00

prion

Command injection

2013-06-10 17:55:00

SOL15877 - Apache vulnerability CVE-2013-1862

2014-11-27 00:00:00

K15877 : Apache vulnerability CVE-2013-1862

2015-06-08 00:00:00

cisco

Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability

2013-05-30 19:48:16

httpd

Apache Httpd < 2.0.65 : mod_rewrite log escape filtering

2013-03-13 00:00:00

Apache Httpd < 2.2.25 : mod_rewrite log escape filtering

2013-03-13 00:00:00

debiancve

CVE-2013-1862

2013-06-10 17:55:00

mageia

Updated apache packages fix security vulnerabilities

2013-06-19 14:11:42

veracode

Remote Code Execution (RCE)

2019-01-15 08:57:06

Arbitrary Code Injection

2019-05-02 04:44:51

redhat

(RHSA-2013:1133) Moderate: httpd security update

2013-08-05 15:27:06

(RHSA-2013:1134) Moderate: httpd security update

2013-08-05 15:32:30

(RHSA-2013:0815) Moderate: httpd security update

2013-05-13 00:00:00

kaspersky

KLA10068 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2013-07-15 00:00:00

freebsd

apache22 -- several vulnerabilities

2013-06-21 00:00:00

amazon

Medium: httpd

2013-05-24 13:56:00

Medium: httpd24

2013-05-24 13:57:00

oraclelinux

httpd security update

2013-05-13 00:00:00

securityvulns

Apache security vulnerabilities

2013-07-15 00:00:00

Apple Mac OS X multiple security vulnerabilities

2014-02-28 00:00:00

APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001

2014-02-28 00:00:00

centos

httpd, mod_ssl security update

2013-05-13 22:32:03

gentoo

Apache HTTP Server: Multiple vulnerabilities

2013-09-23 00:00:00

suse

Security update for apache2 (important)

2014-09-02 21:04:17

hackerone

Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)

2015-06-09 17:47:58

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

oracle

Oracle Critical Patch Update - January 2014

2014-01-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.359 Low

EPSS

Percentile

96.7%

JSON

Related for SSV:60788