CVE-2013-1862

Published: Jun 10, 2013Modified: Apr 29, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Affected (25)

Products: Apache: Http Server · Redhat: Jboss Enterprise Application Platform, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation · Oracle: Http Server · +2 more

Show all products

Apache: Http Server · Redhat: Jboss Enterprise Application Platform, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation · Oracle: Http Server · Canonical: Ubuntu Linux · Opensuse: Opensuse

Apache

1 product

Http Server

Redhat

6 products

Jboss Enterprise Application Platform

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.0.0 to 2.0.65
Apache Http Server	From 2.2.0 to 2.2.25

Configuration B

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 6.0.0
Redhat Jboss Enterprise Application Platform	Version 6.4.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Http Server	Version 10.1.3.5.0
Oracle Http Server	Version 11.1.1.7.0
Oracle Http Server	Version 12.1.2.0
Oracle Http Server	Version 12.1.3.0

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 5.9
Redhat Enterprise Linux Eus	Version 6.4
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 5.9
Redhat Enterprise Linux Server Aus	Version 6.4
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.2
Opensuse Opensuse	Version 12.3

References (86)

http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch

Source: secalert@redhat.com

PatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0815.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1207.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1208.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-1209.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/55032

Source: secalert@redhat.com

Not Applicable

http://support.apple.com/kb/HT6150

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/viewvc?view=revision&revision=r1469311

Source: secalert@redhat.com

PatchVendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862

Source: secalert@redhat.com

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg21644047

Source: secalert@redhat.com

Third Party Advisory

http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:174

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/59826

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/64758

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1903-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=953729

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Source: secalert@redhat.com

Broken Link

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html