ID CVE-2013-1862
Summary mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 06-06-2021 - 11:15)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2015-05-04T04:00:10.907-04:00
    class vulnerability
    contributors
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment VisualSVN Server is installed
    oval oval:org.mitre.oval:def:18636
    description mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
    family windows
    id oval:org.mitre.oval:def:18790
    status accepted
    submitted 2013-10-02T13:00:00
    title Apache HTTP vulnerability from 2.2.x before 2.2.25 in VisualSVN Server (CVE-2013-1862)
    version 8
  • accepted 2015-04-20T04:01:27.027-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
    family unix
    id oval:org.mitre.oval:def:19534
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS)
    version 49
redhat via4
advisories
  • bugzilla
    id 953729
    title CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.3-78.el5_9
            oval oval:com.redhat.rhsa:tst:20130815001
          • comment httpd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556002
        • AND
          • comment httpd-devel is earlier than 0:2.2.3-78.el5_9
            oval oval:com.redhat.rhsa:tst:20130815003
          • comment httpd-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556004
        • AND
          • comment httpd-manual is earlier than 0:2.2.3-78.el5_9
            oval oval:com.redhat.rhsa:tst:20130815005
          • comment httpd-manual is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556006
        • AND
          • comment mod_ssl is earlier than 1:2.2.3-78.el5_9
            oval oval:com.redhat.rhsa:tst:20130815007
          • comment mod_ssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556008
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.15-28.el6_4
            oval oval:com.redhat.rhsa:tst:20130815010
          • comment httpd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194002
        • AND
          • comment httpd-devel is earlier than 0:2.2.15-28.el6_4
            oval oval:com.redhat.rhsa:tst:20130815012
          • comment httpd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194004
        • AND
          • comment httpd-manual is earlier than 0:2.2.15-28.el6_4
            oval oval:com.redhat.rhsa:tst:20130815014
          • comment httpd-manual is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194006
        • AND
          • comment httpd-tools is earlier than 0:2.2.15-28.el6_4
            oval oval:com.redhat.rhsa:tst:20130815016
          • comment httpd-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194008
        • AND
          • comment mod_ssl is earlier than 1:2.2.15-28.el6_4
            oval oval:com.redhat.rhsa:tst:20130815018
          • comment mod_ssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20152194016
    rhsa
    id RHSA-2013:0815
    released 2013-05-13
    severity Moderate
    title RHSA-2013:0815: httpd security update (Moderate)
  • rhsa
    id RHSA-2013:1207
  • rhsa
    id RHSA-2013:1208
  • rhsa
    id RHSA-2013:1209
rpms
  • httpd-0:2.2.15-28.el6_4
  • httpd-0:2.2.3-78.el5_9
  • httpd-debuginfo-0:2.2.15-28.el6_4
  • httpd-debuginfo-0:2.2.3-78.el5_9
  • httpd-devel-0:2.2.15-28.el6_4
  • httpd-devel-0:2.2.3-78.el5_9
  • httpd-manual-0:2.2.15-28.el6_4
  • httpd-manual-0:2.2.3-78.el5_9
  • httpd-tools-0:2.2.15-28.el6_4
  • mod_ssl-1:2.2.15-28.el6_4
  • mod_ssl-1:2.2.3-78.el5_9
  • httpd-0:2.2.22-25.ep6.el5
  • httpd-0:2.2.22-25.ep6.el6
  • httpd-debuginfo-0:2.2.22-25.ep6.el5
  • httpd-debuginfo-0:2.2.22-25.ep6.el6
  • httpd-devel-0:2.2.22-25.ep6.el5
  • httpd-devel-0:2.2.22-25.ep6.el6
  • httpd-manual-0:2.2.22-25.ep6.el5
  • httpd-manual-0:2.2.22-25.ep6.el6
  • httpd-tools-0:2.2.22-25.ep6.el5
  • httpd-tools-0:2.2.22-25.ep6.el6
  • mod_ssl-1:2.2.22-25.ep6.el5
  • mod_ssl-1:2.2.22-25.ep6.el6
  • apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el5
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-2.redhat_2.ep6.el5
  • apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el5
  • apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el5
  • cxf-xjc-boolean-0:2.6.0-2.redhat_4.1.ep6.el5
  • cxf-xjc-dv-0:2.6.0-2.redhat_4.1.ep6.el5
  • cxf-xjc-ts-0:2.6.0-2.redhat_4.1.ep6.el5
  • hibernate4-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-core-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-entitymanager-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-envers-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hibernate4-infinispan-0:4.2.0-11.SP1_redhat_1.ep6.el5
  • hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el5
  • hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el5
  • hornetq-native-debuginfo-0:2.3.5-1.Final_redhat_1.ep6.el5
  • httpd-0:2.2.22-25.ep6.el5
  • httpd-debuginfo-0:2.2.22-25.ep6.el5
  • httpd-devel-0:2.2.22-25.ep6.el5
  • httpd-manual-0:2.2.22-25.ep6.el5
  • httpd-tools-0:2.2.22-25.ep6.el5
  • infinispan-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-cachestore-jdbc-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-cachestore-remote-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-client-hotrod-0:5.2.7-1.Final_redhat_1.ep6.el5
  • infinispan-core-0:5.2.7-1.Final_redhat_1.ep6.el5
  • ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-common-api-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-common-impl-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-common-spi-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-core-api-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-core-impl-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-deployers-common-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-jdbc-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-spec-api-0:1.0.19-1.Final_redhat_2.ep6.el5
  • ironjacamar-validator-0:1.0.19-1.Final_redhat_2.ep6.el5
  • jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el5
  • jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el5
  • jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el5
  • jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el5
  • jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el5
  • jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el5
  • jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el5
  • jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el5
  • jboss-marshalling-0:1.3.18-2.GA_redhat_1.1.ep6.el5
  • jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el5
  • jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el5
  • jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el5
  • jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el5
  • jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el5
  • jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el5
  • jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el5
  • jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el5
  • jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el5
  • jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5
  • jbossts-1:4.17.7-4.Final_redhat_4.ep6.el5
  • jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el5
  • jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el5
  • jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el5
  • jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el5
  • jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el5
  • jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el5
  • log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el5
  • mod_ssl-1:2.2.22-25.ep6.el5
  • netty-0:3.6.6-3.Final_redhat_1.1.ep6.el5
  • opensaml-0:2.5.1-2.redhat_2.1.ep6.el5
  • openws-0:1.4.2-10.redhat_4.1.ep6.el5
  • picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el5
  • picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el5
  • wss4j-0:1.6.10-1.redhat_1.ep6.el5
  • xml-security-0:1.5.5-1.redhat_1.ep6.el5
  • apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el6
  • apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-2.redhat_2.ep6.el6
  • apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el6
  • apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el6
  • cxf-xjc-boolean-0:2.6.0-2.redhat_4.1.ep6.el6
  • cxf-xjc-dv-0:2.6.0-2.redhat_4.1.ep6.el6
  • cxf-xjc-ts-0:2.6.0-2.redhat_4.1.ep6.el6
  • hibernate4-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-core-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-entitymanager-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-envers-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hibernate4-infinispan-0:4.2.0-7.SP1_redhat_1.ep6.el6
  • hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el6
  • hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el6
  • hornetq-native-debuginfo-0:2.3.5-1.Final_redhat_1.ep6.el6
  • httpd-0:2.2.22-25.ep6.el6
  • httpd-debuginfo-0:2.2.22-25.ep6.el6
  • httpd-devel-0:2.2.22-25.ep6.el6
  • httpd-manual-0:2.2.22-25.ep6.el6
  • httpd-tools-0:2.2.22-25.ep6.el6
  • infinispan-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-cachestore-jdbc-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-cachestore-remote-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-client-hotrod-0:5.2.7-1.Final_redhat_1.ep6.el6
  • infinispan-core-0:5.2.7-1.Final_redhat_1.ep6.el6
  • ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-common-api-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-common-impl-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-common-spi-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-core-api-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-core-impl-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-deployers-common-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-jdbc-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-spec-api-0:1.0.19-1.Final_redhat_2.ep6.el6
  • ironjacamar-validator-0:1.0.19-1.Final_redhat_2.ep6.el6
  • jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el6
  • jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el6
  • jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el6
  • jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el6
  • jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el6
  • jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el6
  • jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el6
  • jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el6
  • jboss-marshalling-0:1.3.18-1.GA_redhat_1.1.ep6.el6
  • jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el6
  • jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el6
  • jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el6
  • jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el6
  • jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el6
  • jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el6
  • jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el6
  • jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el6
  • jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el6
  • jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6
  • jbossts-1:4.17.7-4.Final_redhat_4.ep6.el6
  • jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el6
  • jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el6
  • jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el6
  • jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el6
  • jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el6
  • jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el6
  • log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el6
  • mod_ssl-1:2.2.22-25.ep6.el6
  • netty-0:3.6.6-2.Final_redhat_1.1.ep6.el6
  • opensaml-0:2.5.1-2.redhat_2.1.ep6.el6
  • openws-0:1.4.2-10.redhat_4.1.ep6.el6
  • picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el6
  • picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el6
  • wss4j-0:1.6.10-1.redhat_1.ep6.el6
  • xml-security-0:1.5.5-1.redhat_1.ep6.el6
refmap via4
bid
  • 59826
  • 64758
cisco 20130822 Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability
confirm
hp
  • HPSBUX02927
  • SSRT101288
mandriva MDVSA-2013:174
mlist
  • [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
secunia 55032
suse
  • openSUSE-SU-2013:1337
  • openSUSE-SU-2013:1340
  • openSUSE-SU-2013:1341
ubuntu USN-1903-1
Last major update 06-06-2021 - 11:15
Published 10-06-2013 - 17:55
Last modified 06-06-2021 - 11:15
Back to Top