Anonymous | Login | 2024-05-19 16:47 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005142 | [apache2] upgrade | minor | N/A | 2014-01-20 13:00 | 2014-02-22 11:38 | ||
Reporter | burger99 | View Status | public | ||||
Assigned To | dam | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0005142: Security issues | ||||||
Description |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Newest version available is 2.2.26 |
||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0010697) dam (administrator) 2014-02-03 17:06 |
I made an experimental package which will show up soon here: http://buildfarm.opencsw.org/experimental.html#apache-2.2.26 [^] Please give it a try and let me know if you are happy with it. |
(0010730) dam (administrator) 2014-02-22 11:38 |
Apache 2.2.26,REV=2014.02.07 has been pushed to unstable/. |
Copyright © 2000 - 2008 Mantis Group |