Vulnerability in Apache Http_server
CVE-2013-1862
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP reque…
EPSS: 0.524 (98.0th percentile) — read the EPSS interpretation.
Affected products
- Apache Http_server
- Oracle Http_server — versions 10.1.3.5.0, 11.1.1.7.0, 12.1.2.0
- Canonical Ubuntu_linux — versions 10.04, 12.04, 12.10
- Opensuse — versions 11.4, 12.2, 12.3
- Redhat Enterprise_linux — versions 5.0, 6.0
- Redhat Enterprise_linux_desktop — versions 5.0, 6.0
- Redhat Enterprise_linux_eus — versions 5.9, 6.4
- Redhat Enterprise_linux_server — versions 5.0, 6.0
- Redhat Enterprise_linux_server_aus — versions 5.9, 6.4
- Redhat Enterprise_linux_workstation — versions 5.0, 6.0
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
- oval:org.mitre.oval:def:18790 (x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
- MDVSA-2013:174 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- SSRT101288 (x_refsource_HP, vendor-advisory, Broken Link)
- RHSA-2013:1209 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- openSUSE-SU-2013:1340 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- RHSA-2013:0815 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2013-1862?
- CVE-2013-1862 is a vulnerability in Apache Http_server. Published 2013-06-10.
- Is CVE-2013-1862 known to be exploited?
- 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.