MDVSA-2013:174 -- Mandriva apacheID: oval:org.secpod.oval:def:1300202 | Date: (C)2013-06-14 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in apache: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator . A buffer overflow when reading digest password file with very long lines in htdigest was discovered . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Enterprise Server 5.2 |