CVE-2013-1862

Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

How to fix CVE-2013-1862

To remediate CVE-2013-1862, upgrade the affected package to a fixed version below.

• Debian/apache2—upgrade to 2.4.1-1 or later

Is CVE-2013-1862 being exploited?

Likely — EPSS is 52.4%, placing CVE-2013-1862 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 2.4.1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-1862