CVE-2013-1862

medium

Apache

CVSS v3 Base Score

5.1

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS Score

39.6%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

Integrity

Availability

Published: June 10, 2013 (4721 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

CWE

NVD-CWE-noinfo

Affected Products

apache http serverredhat jboss enterprise application platformoracle http serverredhat enterprise linux desktopredhat enterprise linux eusredhat enterprise linux serverredhat enterprise linux server ausredhat enterprise linux workstationcanonical ubuntu linuxopensuse opensuse

References

🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 people.apache.org 🔗 rhn.redhat.com

CVE-2013-1862

Vulnerability Report

Description

CWE

Affected Products

References