Hide Forgot
It was found that mod_rewrite writes data to a log file without sanitizing non-printable characters. A remote attacker could use this flaw to write terminal escape sequences to log files (if the RewriteLog directive was used by mod_rewrite). This could possibly cause arbitrary command execution, via HTTP requests containing an escape sequence for a terminal emulator. (if for example the log files were viewed in a terminal emulator) Reference: http://svn.apache.org/viewvc?view=revision&revision=r1469311 Proposed patch: http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2013:0815 https://rhn.redhat.com/errata/RHSA-2013-0815.html
This issue has been addressed in following products: JBEWS 2 for RHEL 5 JBEWS 2 for RHEL 6 Via RHSA-2013:1133 https://rhn.redhat.com/errata/RHSA-2013-1133.html
This issue has been addressed in following products: JBEWS 2 for RHEL 5 JBEWS 2 for RHEL 6 JBEWS 2 for Solaris JBEWS 2 for Microsoft Windows Via RHSA-2013:1134 https://rhn.redhat.com/errata/RHSA-2013-1134.html
This issue has been addressed in following products: Red Hat JBoss Enterprise Application Platform 6.1.1 Via RHSA-2013:1209 https://rhn.redhat.com/errata/RHSA-2013-1209.html
This issue has been addressed in following products: JBEAP 6 for RHEL 6 Via RHSA-2013:1208 https://rhn.redhat.com/errata/RHSA-2013-1208.html
This issue has been addressed in following products: JBEAP 6 for RHEL 5 Via RHSA-2013:1207 https://rhn.redhat.com/errata/RHSA-2013-1207.html