Vulnerabilities > CVE-2013-1862
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Vulnerable Configurations
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201309-12.NASL description The remote host is affected by the vulnerability described in GLSA-201309-12 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers and research paper referenced below for details. Impact : A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70085 published 2013-09-24 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70085 title GLSA-201309-12 : Apache HTTP Server: Multiple vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS11_APACHE_20131015.NASL description The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (CVE-2012-3499) - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862) - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. (CVE-2013-1896) last seen 2020-06-01 modified 2020-06-02 plugin id 80585 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80585 title Oracle Solaris Third-Party Patch Update : apache (cve_2013_1896_denial_of) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1133.NASL description Updated httpd packages that fix two security issues are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash. (CVE-2013-1896) It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user. (CVE-2013-1862) Warning: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). All users of Red Hat JBoss Web Server 2.0.1 should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, users must restart the httpd service for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76239 published 2014-06-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76239 title RHEL 5 / 6 : JBoss Web Server (RHSA-2013:1133) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-174.NASL description Multiple vulnerabilities has been found and corrected in apache : mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator (CVE-2013-1862). A buffer overflow when reading digest password file with very long lines in htdigest was discovered (PR 54893). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66899 published 2013-06-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66899 title Mandriva Linux Security Advisory : apache (MDVSA-2013:174) NASL family Scientific Linux Local Security Checks NASL id SL_20130513_HTTPD_ON_SL5_X.NASL description Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-03-18 modified 2013-05-15 plugin id 66441 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66441 title Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20130513) NASL family Misc. NASL id JUNIPER_NSM_JSA10685_CRED.NASL description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 84878 published 2015-07-20 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84878 title Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1209.NASL description The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues : - Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks. (CVE-2012-3499) - Flaws in the web interface of the mod_proxy_balancer module can allow a remote attacker to perform XSS attacks. (CVE-2012-4558) - A flaw in mod_rewrite can allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862) - A flaw in the method by which the mod_dav module handles merge requests can allow an attacker to create a denial of service by sending a crafted merge request that contains URIs that are not configured for DAV. (CVE-2013-1896) - A flaw in PicketBox can allow local users to obtain the admin encryption key by reading the Vault data file. (CVE-2013-1921) - A flaw in Apache Santuario XML Security can allow context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak algorithm. (CVE-2013-2172) - A flaw in JGroup last seen 2020-06-01 modified 2020-06-02 plugin id 72238 published 2014-01-31 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72238 title JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209) NASL family Misc. NASL id JUNIPER_NSM_JSA10685.NASL description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 84877 published 2015-07-20 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84877 title Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) NASL family Web Servers NASL id WEBSPHERE_7_0_0_31.NASL description IBM WebSphere Application Server 7.0 before Fix Pack 31 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A flaw in the mod_rewrite module of Apache HTTP Server potentially allows a remote attacker to execute arbitrary code via HTTP. (CVE-2013-1862, PM87808) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize user-supplied input in the Administrative console. (CVE-2013-4005, PM88208) - A denial of service vulnerability exists when using the optional mod_dav module. (CVE-2013-1896, PM89996) - A denial of service vulnerability exists due the use of Apache Ant to compress files. (CVE-2012-2098, PM90088) - A privilege escalation vulnerability exists on IBM WebSphere Application Servers using WS-Security that are configured for XML Digital Signature using trust store. (CVE-2013-4053, PM90949, PM91521) - An XSS vulnerability exists in IBM WebSphere Application Server caused by a failure to sanitize user-supplied input in the UDDI Administrative console. (CVE-2013-4052, PM91892) - A privilege escalation vulnerability exists in IBM WebSphere Application Servers that have been migrated from version 6.1 or later. (CVE-2013-5414, PM92313) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize application HTTP response data. (CVE-2013-5417, PM93323, PM93944) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize user-supplied input in the Administrative console. (CVE-2013-5418, PM96477) - An XSS vulnerability exists in IBM WebSphere Application Server due to a failure to sanitize user-supplied input in the Administrative console. (CVE-2013-6725, PM98132) - An information disclosure vulnerability exists in IBM WebSphere Application Servers configured to use static file caching using the simpleFileServlet. (CVE-2013-6330, PM98624) - A denial of service vulnerability exists in IBM WebSphere Application Server due to a failure to properly handle requests by a web services endpoint. (CVE-2013-6325, PM99450) - An information disclosure vulnerability exists in the IBM SDK for Java that ships with IBM WebSphere Application Server related to JSSE. (CVE-2013-5780) - A denial of service vulnerability exists in the IBM SDK for Java that ships with IBM WebSphere Application Server related to XML. (CVE-2013-5372) - A denial of service vulnerability exists in the IBM SDK for Java that ships with IBM WebSphere Application Server related to JSSE. (CVE-2013-5803) last seen 2020-06-01 modified 2020-06-02 plugin id 72061 published 2014-01-20 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72061 title IBM WebSphere Application Server 7.0 < Fix Pack 31 Multiple Vulnerabilities NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-193.NASL description Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 69751 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69751 title Amazon Linux AMI : httpd (ALAS-2013-193) NASL family MacOS X Local Security Checks NASL id MACOSX_10_9_2.NASL description The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72687 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72687 title Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities NASL family Junos Local Security Checks NASL id JUNIPER_SPACE_JSA10627.NASL description According to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in RedHat JBoss application server. (CVE-2010-0738, CVE-2010-1428, CVE-2010-1429, CVE-2011-5245, CVE-2012-0818) - Multiple vulnerabilities in Oracle Java SE JDK. (CVE-2012-3143, CVE-2013-1537, CVE-2013-1557, CVE-2013-2422) - Multiple vulnerabilities in Oracle MySQL server. (CVE-2013-1502, CVE-2013-1511, CVE-2013-1532, CVE-2013-1544, CVE-2013-2375, CVE-2013-2376, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392, CVE-2013-3783, CVE-2013-3793, CVE-2013-3794, CVE-2013-3801, CVE-2013-3802, CVE-2013-3804, CVE-2013-3805, CVE-2013-3808, CVE-2013-3809, CVE-2013-3812, CVE-2013-3839) - Multiple vulnerabilities in Apache HTTP Server. (CVE-2013-1862, CVE-2013-1896) - Known hard-coded MySQL credentials. (CVE-2014-3413) last seen 2020-06-01 modified 2020-06-02 plugin id 80195 published 2014-12-22 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80195 title Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1903-1.NASL description It was discovered that the mod_rewrite module incorrectly sanitized non- printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. (CVE-2013-1862) It was discovered that the mod_dav module incorrectly handled certain MERGE requests. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. (CVE-2013-1896). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 68902 published 2013-07-16 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68902 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : apache2 vulnerabilities (USN-1903-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-637.NASL description - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff CVE-2013-1896: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [bnc#829056] - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff CVE-2013-1862: client data written to the RewriteLog must have terminal escape sequences escaped. [bnc#829057] last seen 2020-06-05 modified 2014-06-13 plugin id 75109 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75109 title openSUSE Security Update : apache2 (openSUSE-SU-2013:1337-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-770.NASL description This apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES_2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNI_ignorecase.diff - httpd-2.2.x-bnc806458-mod_imagemap-xss.diff - httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff - httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff - httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff - httpd-2.2.x-bnc807152-mod_balancer_handler_xss.diff - httpd-mod_deflate_head.patch - httpd-new_pcre.patch - httpd-2.2.22-SSLCompression_CRIME_mitigation.patch - httpd-2.2.19-linux3.patch - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff - httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff - httpd-2.2.x-bnc869106-CVE-2014-0098-log_cookie_c.diff - httpd-2.2.x-bnc887765-CVE-2014-0226-mod_status_race.diff - httpd-2.2.x-bnc887768-CVE-2014-0231_mod_cgid_DoS_via_no_stdin_read.diff - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff - httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff - The following patches were updated for the current Apache version : - apache2-mod_ssl_npn.patch - httpd-2.0.54-envvars.dif - httpd-2.2.x-bnc690734.patch - ssl-mode-release-buffers.patch - bnc#871310 fixed in Apache httpd 2.2.29 last seen 2020-06-05 modified 2014-12-16 plugin id 80043 published 2014-12-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80043 title openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F3D24AEEE5AD11E2B18320CF30E32F6D.NASL description Apache HTTP SERVER PROJECT reports : The mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. last seen 2020-06-01 modified 2020-06-02 plugin id 67194 published 2013-07-06 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67194 title FreeBSD : apache22 -- several vulnerabilities (f3d24aee-e5ad-11e2-b183-20cf30e32f6d) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15877.NASL description mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. last seen 2020-06-01 modified 2020-06-02 plugin id 79603 published 2014-11-28 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79603 title F5 Networks BIG-IP : Apache vulnerability (SOL15877) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1207.NASL description Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim last seen 2020-06-01 modified 2020-06-02 plugin id 69882 published 2013-09-13 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69882 title RHEL 5 : JBoss EAP (RHSA-2013:1207) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0815.NASL description From Red Hat Security Advisory 2013:0815 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 68819 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68819 title Oracle Linux 5 / 6 : httpd (ELSA-2013-0815) NASL family Web Servers NASL id APACHE_2_0_65.NASL description According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.65. It is, therefore, affected by several vulnerabilities : - A flaw exists in the byte-range filter, making it vulnerable to denial of service. (CVE-2011-3192) - A flaw exists in last seen 2020-06-01 modified 2020-06-02 plugin id 68914 published 2013-07-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68914 title Apache 2.0.x < 2.0.65 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-638.NASL description - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff CVE-2013-1896: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [bnc#829056] - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff CVE-2013-1862: client data written to the RewriteLog must have terminal escape sequences escaped. [bnc#829057] last seen 2020-06-05 modified 2014-06-13 plugin id 75110 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75110 title openSUSE Security Update : apache2 (openSUSE-SU-2013:1340-1) NASL family Web Servers NASL id APACHE_2_2_25.NASL description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.25. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 68915 published 2013-07-16 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/68915 title Apache 2.2.x < 2.2.25 Multiple Vulnerabilities NASL family Web Servers NASL id WEBSPHERE_8_0_0_7.NASL description IBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. (CVE-2012-2098 / PM90088) - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169 / PM85211) - A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else last seen 2020-06-01 modified 2020-06-02 plugin id 69449 published 2013-08-23 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69449 title IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1208.NASL description Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim last seen 2020-06-01 modified 2020-06-02 plugin id 69883 published 2013-09-13 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69883 title RHEL 6 : JBoss EAP (RHSA-2013:1208) NASL family Web Servers NASL id WEBSPHERE_8_5_5_1.NASL description IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. (CVE-2012-2098 / PM90088) - Unspecified errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477, CVE-2013-5425 / PM93828) - Multiple errors exist related to the IBM Eclipse Help System that could allow cross-site scripting attacks and information disclosure attacks. (CVE-2013-0464, CVE-2013-0467, CVE-2013-0599 / PM89893) - An input validation flaw exists in the optional last seen 2020-06-01 modified 2020-06-02 plugin id 71229 published 2013-12-05 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71229 title IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.1 Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0815.NASL description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 66397 published 2013-05-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66397 title CentOS 5 / 6 : httpd (CESA-2013:0815) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-194.NASL description Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 69752 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69752 title Amazon Linux AMI : httpd24 (ALAS-2013-194) NASL family Web Servers NASL id WEBSPHERE_6_1_0_47.NASL description IBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that use a LocalOS registry. (CVE-2013-0543, PM75582) - A denial of service can be caused by the way Apache Ant uses bzip2 to compress files. This can be exploited by a local attacker passing specially crafted input. (CVE-2012-2098, PM90088) - A local attacker can cause a denial of service on Windows platforms with a LocalOS registry using WebSphere Identity Manager. (CVE-2013-0541, PM74909) - Remote attackers can traverse directories by deploying a specially crafted application file to overwrite files outside of the application deployment directory. (CVE-2012-3305, PM62467) - The TLS protocol implementation is susceptible to plaintext-recovery attacks via statistical analysis of timing data for crafted packets. (CVE-2013-0169, PM85211) - Terminal escape sequences are not properly filtered from logs. Remote attackers could execute arbitrary commands via an HTTP request containing an escape sequence. (CVE-2013-1862, PM87808) - Improper validation of user input allows for cross-site request forgery. By persuading an authenticated user to visit a malicious website, a remote attacker could exploit this vulnerability to obtain sensitive information. (CVE-2012-4853, CVE-2013-3029, PM62920, PM88746) - Improper validation of user input in the administrative console allows for multiple cross-site scripting attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0461, CVE-2013-0542, CVE-2013-0596, CVE-2013-2967, CVE-2013-4005, CVE-2013-4052, PM71139, PM72536, PM71389, PM73445, PM78614, PM81846, PM88208, PM91892) - Improper validation of portlets in the administrative console allows for cross-site request forgery, which could allow an attacker to obtain sensitive information. (CVE-2013-0460, PM72275) - Remote, authenticated attackers can traverse directories on Linux and UNIX systems running the application. (CVE-2013-0544, PM82468) - A denial of service attack is possible if the optional mod_dav module is being used. (CVE-2013-1896, PM89996) - Sensitive information can be obtained by a local attacker because of incorrect caching by the administrative console. (CVE-2013-2976, PM79992) - An attacker may gain elevated privileges because of improper certificate checks. WS-Security and XML Digital Signatures must be enabled. (CVE-2013-4053, PM90949, PM91521) - Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. WebSphere is NOT vulnerable to this issue but the vendor suggests upgrading to be proactive. (CVE-2013-1768, PM86780, PM86786, PM86788, PM86791) last seen 2020-06-01 modified 2020-06-02 plugin id 70022 published 2013-09-20 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70022 title IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1082-1.NASL description This apache2 update fixes the following security issues : - log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) - mod_dav denial of service (CVE-2013-6438, bnc#869105) - mod_cgid denial of service (CVE-2014-0231, bnc#887768) - mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) - mod_rewrite: escape logdata to avoid terminal escapes (CVE-2013-1862, bnc#829057) - mod_dav: segfault in merge request (CVE-2013-1896, bnc#829056) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83632 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83632 title SUSE SLES10 Security Update : apache2 (SUSE-SU-2014:1082-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0815.NASL description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 66403 published 2013-05-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66403 title RHEL 5 / 6 : httpd (RHSA-2013:0815) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2014-001.NASL description The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date and Time - File Bookmark - ImageIO - IOSerialFamily - LaunchServices - NVIDIA Drivers - PHP - QuickLook - QuickTime - Secure Transport Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 72688 published 2014-02-25 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72688 title Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST) NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-130730.NASL description This collective update for Apache provides the following fixes : - Make sure that input that has already arrived on the socket is not discarded during a non-blocking read (read(2) returns 0 and errno is set to -EAGAIN). (bnc#815621) - Close the connection just before an attempted re-negotiation if data has been read with pipelining. This is done by resetting the keepalive status. (bnc#815621) - Reset the renegotiation status of a client<->server connection to RENEG_INIT to prevent falsely assumed status. (bnc#791794) - last seen 2020-06-05 modified 2013-08-27 plugin id 69474 published 2013-08-27 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69474 title SuSE 11.2 / 11.3 Security Update : Apache2 (SAT Patch Numbers 8137 / 8138)
Oval
accepted 2015-05-04T04:00:10.907-04:00 class vulnerability contributors name Sergey Artykhov organization ALTX-SOFT name Maria Mikhno organization ALTX-SOFT
definition_extensions comment VisualSVN Server is installed oval oval:org.mitre.oval:def:18636 description mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. family windows id oval:org.mitre.oval:def:18790 status accepted submitted 2013-10-02T13:00:00 title Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server (CVE-2013-1862) version 8 accepted 2015-04-20T04:01:27.027-04:00 class vulnerability contributors name Ganesh Manal organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. family unix id oval:org.mitre.oval:def:19534 status accepted submitted 2013-11-22T11:43:28.000-05:00 title HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS) version 49
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 59826 CVE(CAN) ID: CVE-2013-1862 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server mod_rewrite向日志文件写入数据时,没有过滤不能打印的字符。如果 mod_rewrite 使用了指令RewriteLog,远程攻击者可利用此漏洞向日志文件写入终端转义序列。如果HTTP请求包含终端模拟器的转义序列,此漏洞也可造成任意命令执行。 0 Apache Group HTTP Server 2.2.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/ http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch |
| id | SSV:60788 |
| last seen | 2017-11-19 |
| modified | 2013-05-17 |
| published | 2013-05-17 |
| reporter | Root |
| title | Apache HTTP Server日志内终端转义序列命令注入漏洞 |
References
- http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
- http://svn.apache.org/viewvc?view=revision&revision=r1469311
- https://bugzilla.redhat.com/show_bug.cgi?id=953729
- http://rhn.redhat.com/errata/RHSA-2013-0815.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html
- http://www.ubuntu.com/usn/USN-1903-1
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21644047
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862
- https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
- http://rhn.redhat.com/errata/RHSA-2013-1209.html
- http://rhn.redhat.com/errata/RHSA-2013-1207.html
- http://rhn.redhat.com/errata/RHSA-2013-1208.html
- http://secunia.com/advisories/55032
- http://www.securityfocus.com/bid/64758
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:174
- http://support.apple.com/kb/HT6150
- http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
- http://www.securityfocus.com/bid/59826
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E