HTTP: Apache HTTP Server mod_rewrite RewriteLog Command Execution
This signature detects attempts to exploit a known vulnerability in Apache HTTP web server mod_rewrite. The vulnerability is due to a lack of input validation in handling certain escape sequences when writing to the log file. A remote attacker can exploit these vulnerabilities by sending a specially crafted HTTP request. Successful exploitation could result in attacker controlled script command executing.
Extended Description
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Affected Products
Oracle http_server
References
CVE: CVE-2013-1862
Short Name
HTTP:APACHE:MOD-REWRITE-CMD-EXE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2013-1862 Command Execution HTTP RewriteLog Server mod_rewrite
Release Date
02/18/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Oracle
Opensuse
Apache
Redhat
Canonical
CVSS Score
5.1