mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x prior to 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote malicious users to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache http server |
||
redhat jboss_enterprise_application_platform 6.0.0 |
||
redhat jboss_enterprise_application_platform 6.4.0 |
||
oracle http server 12.1.3.0 |
||
oracle http server 12.1.2.0 |
||
oracle http server 11.1.1.7.0 |
||
oracle http server 10.1.3.5.0 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux server aus 6.4 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux server aus 5.9 |
||
redhat enterprise linux eus 5.9 |
||
redhat enterprise linux eus 6.4 |
||
canonical ubuntu linux 13.04 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 12.04 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.2 |
Vulmon