Posts Tagged ‘Apache mod_rewrite’

Apache VulnerabilitySecurity Bypass vulnerability has been found in the Apache mod_rewrite.

The vulnerability allows an attacker to execute arbitrary command when viewing the log file by the server administrator.

In the module mod_rewrite of the HTTP-server Apache 2.2.x series vulnerability has been discovered (CVE-2013-1862), which allows an attacker to execute arbitrary command when viewing the log file by the server administrator.

Through specially crafted requests to the web-server, an attacker can write to a log file, for example, system commands, as mod_rewrite when writing to the log file does not escape special characters. Proper manipulation of sequences allows you to run arbitrary commands as the user performing the scan log (usually these log files are readable only by the user root). (more…)