Apache HTTP Server Terminal Escape Sequence In Logs Command Injection Vulnerability
Gravedad: Medio
Identificadores de CVE : CVE-2013-1862
Fecha recomendada: 21 de julio de 2015
Descripción
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000128
Trend Micro Deep Security DPI Rule Name: 1000128 - HTTP Protocol Decoding
Software y versión afectados
- apache http_server 2.2
- apache http_server 2.2.0
- apache http_server 2.2.1
- apache http_server 2.2.10
- apache http_server 2.2.11
- apache http_server 2.2.12
- apache http_server 2.2.13
- apache http_server 2.2.14
- apache http_server 2.2.15
- apache http_server 2.2.16
- apache http_server 2.2.17
- apache http_server 2.2.18
- apache http_server 2.2.19
- apache http_server 2.2.2
- apache http_server 2.2.20
- apache http_server 2.2.21
- apache http_server 2.2.22
- apache http_server 2.2.23
- apache http_server 2.2.24
- apache http_server 2.2.3
- apache http_server 2.2.4
- apache http_server 2.2.6
- apache http_server 2.2.8
- apache http_server 2.2.9