Apache HTTP Server Terminal Escape Sequence In Logs Command Injection Vulnerability
危険度: 中
CVE識別番号: CVE-2013-1862
情報公開日: 7 21, 2015
概要
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1000128
Trend Micro Deep Security DPI Rule Name: 1000128 - HTTP Protocol Decoding
影響を受けるソフトウェア
- apache http_server 2.2
- apache http_server 2.2.0
- apache http_server 2.2.1
- apache http_server 2.2.10
- apache http_server 2.2.11
- apache http_server 2.2.12
- apache http_server 2.2.13
- apache http_server 2.2.14
- apache http_server 2.2.15
- apache http_server 2.2.16
- apache http_server 2.2.17
- apache http_server 2.2.18
- apache http_server 2.2.19
- apache http_server 2.2.2
- apache http_server 2.2.20
- apache http_server 2.2.21
- apache http_server 2.2.22
- apache http_server 2.2.23
- apache http_server 2.2.24
- apache http_server 2.2.3
- apache http_server 2.2.4
- apache http_server 2.2.6
- apache http_server 2.2.8
- apache http_server 2.2.9