From ${URL} : It was found that mod_rewrite writes data to a log file without sanitizing non-printable characters. A remote attacker could use this flaw to write terminal escape sequences to log files (if the RewriteLog directive was used by mod_rewrite). This could possibly cause arbitrary command execution, via HTTP requests containing an escape sequence for a terminal emulator. (if for example the log files were viewed in a terminal emulator) Reference: http://svn.apache.org/viewvc?view=revision&revision=r1469311 Proposed patch: http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
patch avaible: http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
Vulnerability Summary for CVE-2013-1862: Exploitability Subscore: 4.9 Authentication: Not required to exploit Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service Vulnerable software and versions (version from portage listed) cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.2.24
Created attachment 352658 [details, diff] A modified ebuild of version 2.2.24 which applies files/mod_rewrite-CVE-2013-1862.patch
@maintainers: This is fixed in 2.2.25, just released.
Added to existing GLSA draft
CVE-2013-1862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1862): mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
This issue was resolved and addressed in GLSA 201309-12 at http://security.gentoo.org/glsa/glsa-201309-12.xml by GLSA coordinator Sean Amoss (ackle).
