what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2013-1862

Status Candidate

Overview

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Related Files

RSA Validation Manager POODLE / DoS / XSS / Race Condition
Posted Jun 16, 2015
Site emc.com

RSA Validation Manager versions 3.2 prior to build 201 suffer from race condition, cross site scripting, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
advisories | CVE-2012-3499, CVE-2013-1862, CVE-2013-2566, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231, CVE-2014-3566, CVE-2015-0526
SHA-256 | 703e04b821a0df9e65975d31c6a38a8fc2688b91256b2bfeecf3b49ca2c66426
Apple Security Advisory 2014-02-25-1
Posted Feb 26, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-25-1 - OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2011-3389, CVE-2013-1862, CVE-2013-1896, CVE-2013-4073, CVE-2013-4113, CVE-2013-4248, CVE-2013-5139, CVE-2013-5178, CVE-2013-5179, CVE-2013-5986, CVE-2013-5987, CVE-2013-6420, CVE-2013-6629, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1252, CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1259, CVE-2014-1260, CVE-2014-1261
SHA-256 | 1d8f727073c1ea1d6289c8c7fa93c5237ad978b58d6ca700d78a6f12ea0f3b83
Gentoo Linux Security Advisory 201309-12
Posted Sep 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, possibly allowing remote attackers to execute arbitrary code, cause a Denial of Service condition or perform man-in-the-middle attacks. Versions less than 2.2.25 are affected.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6750, CVE-2012-4929, CVE-2013-1862, CVE-2013-1896
SHA-256 | a834b8c97a0c98dcf9ffd2350ae88c9499323cf2cc10bcbb258da5bf98c05882
HP Security Bulletin HPSBUX02927 SSRT101288
Posted Sep 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02927 SSRT101288 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2013-1862, CVE-2013-1896
SHA-256 | aa6b7ac4280371a19f7882c9282af21cd79cd3f23a82758bd65a72326125e77d
Red Hat Security Advisory 2013-1207-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1207-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
SHA-256 | 5901122a41b3c707199dcef52f8fcc20b27be7396f67f5ee0ebd8627b1da4a1a
Red Hat Security Advisory 2013-1208-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1208-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
SHA-256 | 4c67189dd2412944774f91813aa9f57e5d13eb719310378e25bc38718363f345
Red Hat Security Advisory 2013-1209-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1209-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
SHA-256 | 6cf3bd895141886cd470faf254f2c7748848793a92e23f6c3eb202098f7fcb55
Red Hat Security Advisory 2013-1134-01
Posted Aug 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1134-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-1862, CVE-2013-1896
SHA-256 | f3762866ae287745c1aef81e5fd72ea6d719231d8bf28f0fc66d89f34941946c
Red Hat Security Advisory 2013-1133-01
Posted Aug 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1133-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-1862, CVE-2013-1896
SHA-256 | 6a1d7201cf3feea885275a7fccb230881f35ce567076aeb08974c43b74be918d
Ubuntu Security Notice USN-1903-1
Posted Jul 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1903-1 - It was discovered that the mod_rewrite module incorrectly sanitized non-printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. It was discovered that the mod_dav module incorrectly handled certain MERGE requests. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1862, CVE-2013-1896, CVE-2013-1862, CVE-2013-1896
SHA-256 | abd462126aebf1bb2c7fabc5c4f67e1480ea33b6a384117cb877b884bcb02807
Mandriva Linux Security Advisory 2013-174
Posted Jun 14, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-174 - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. A buffer overflow when reading digest password file with very long lines in htdigest was discovered. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1862
SHA-256 | 2ef485fabf6f64c2cc22e87d879e20db615d5f5d8b001b607a7c37741132d484
Red Hat Security Advisory 2013-0815-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0815-01 - The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862
SHA-256 | 8ac681819050f76835e7e03059b14a970ed924170ecca367e162d301f1e59b63
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close