mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.0.0 (including) | 2.0.65 (excluding) |
Http_server | Apache | 2.2.0 (including) | 2.2.25 (excluding) |