Anonymous | Login | 2024-05-19 17:00 CEST |
Main | My View | View Issues |
Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005142 | [apache2] upgrade | minor | N/A | 2014-01-20 13:00 | 2014-02-22 11:38 | ||
Reporter | burger99 | View Status | public | ||||
Assigned To | dam | ||||||
Priority | normal | Resolution | fixed | Platform | |||
Status | closed | OS | |||||
Projection | none | OS Version | |||||
ETA | none | Product Build | |||||
Summary | 0005142: Security issues | ||||||
Description |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Newest version available is 2.2.26 |
||||||
Steps To Reproduce | |||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0010697) dam (administrator) 2014-02-03 17:06 |
I made an experimental package which will show up soon here: http://buildfarm.opencsw.org/experimental.html#apache-2.2.26 [^] Please give it a try and let me know if you are happy with it. |
(0010730) dam (administrator) 2014-02-22 11:38 |
Apache 2.2.26,REV=2014.02.07 has been pushed to unstable/. |
Copyright © 2000 - 2008 Mantis Group |