Twenty Year Anniversary
Showing 1 - 12 of 12 RSS Feed

CVE-2013-1862

Status Candidate

Overview

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Related Files

RSA Validation Manager POODLE / DoS / XSS / Race Condition
Posted Jun 16, 2015
Site emc.com

RSA Validation Manager versions 3.2 prior to build 201 suffer from race condition, cross site scripting, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
advisories | CVE-2012-3499, CVE-2013-1862, CVE-2013-2566, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231, CVE-2014-3566, CVE-2015-0526
MD5 | 51be514dcb82b661cd331be6bff22e68
Apple Security Advisory 2014-02-25-1
Posted Feb 26, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-02-25-1 - OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses multiple security issues including the recent SSL vulnerability.

tags | advisory
systems | apple, osx
advisories | CVE-2011-3389, CVE-2013-1862, CVE-2013-1896, CVE-2013-4073, CVE-2013-4113, CVE-2013-4248, CVE-2013-5139, CVE-2013-5178, CVE-2013-5179, CVE-2013-5986, CVE-2013-5987, CVE-2013-6420, CVE-2013-6629, CVE-2014-1245, CVE-2014-1246, CVE-2014-1247, CVE-2014-1248, CVE-2014-1249, CVE-2014-1250, CVE-2014-1252, CVE-2014-1254, CVE-2014-1255, CVE-2014-1256, CVE-2014-1257, CVE-2014-1258, CVE-2014-1259, CVE-2014-1260, CVE-2014-1261
MD5 | 77202653b9ef1fb712388ec7bd192749
Gentoo Linux Security Advisory 201309-12
Posted Sep 23, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201309-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, possibly allowing remote attackers to execute arbitrary code, cause a Denial of Service condition or perform man-in-the-middle attacks. Versions less than 2.2.25 are affected.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-6750, CVE-2012-4929, CVE-2013-1862, CVE-2013-1896
MD5 | 3bd400e0ab251b33c56a2a76c27ff19d
HP Security Bulletin HPSBUX02927 SSRT101288
Posted Sep 19, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02927 SSRT101288 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2013-1862, CVE-2013-1896
MD5 | 57ac2943531369f2dbc0235f60a4a098
Red Hat Security Advisory 2013-1207-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1207-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
MD5 | 57f850de7fc7ad6370fd505d5c8d0a67
Red Hat Security Advisory 2013-1208-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1208-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
MD5 | 2a6821ae0d1055c847f904a19fd221a8
Red Hat Security Advisory 2013-1209-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1209-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862, CVE-2013-1896, CVE-2013-1921, CVE-2013-2172, CVE-2013-4112
MD5 | 9eb099e79e1ae079b63410d608655692
Red Hat Security Advisory 2013-1134-01
Posted Aug 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1134-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-1862, CVE-2013-1896
MD5 | 4ca104993ae2eace60b1247e7b0e5003
Red Hat Security Advisory 2013-1133-01
Posted Aug 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1133-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-1862, CVE-2013-1896
MD5 | b812fc5eff25761133fbe50d83490e5e
Ubuntu Security Notice USN-1903-1
Posted Jul 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1903-1 - It was discovered that the mod_rewrite module incorrectly sanitized non-printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. It was discovered that the mod_dav module incorrectly handled certain MERGE requests. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1862, CVE-2013-1896, CVE-2013-1862, CVE-2013-1896
MD5 | 11b3fca191250859499f55046eaa5702
Mandriva Linux Security Advisory 2013-174
Posted Jun 14, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-174 - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. A buffer overflow when reading digest password file with very long lines in htdigest was discovered. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1862
MD5 | 60385be6fefe2e85da589670242e6552
Red Hat Security Advisory 2013-0815-01
Posted May 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0815-01 - The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-4558, CVE-2013-1862
MD5 | d937fe7968bc60edcdd3111ef4b0411e
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close