30th May 2013
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Log file vulnerability in Apache server

From http://h-online.com/-1873651

Quote:
A security hole that allows attackers to take control of the server has been found in Apache. The vulnerability is contained in the do_rewritelog() log function of mod_rewrite. This function insufficiently filters the data that is written to the log file. Attackers can potentially use specially crafted HTTP requests to inject escape sequences into the log file, which could possibly cause the server to execute commands without the administrator's authorisation when the log file is displayed in the terminal.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
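An added example, not part of the original post or the quoted article: one way to check a log for bytes a terminal would interpret and to print them in escaped form before the file is viewed. The function names and the sample lines are constructed for illustration.

```python
import unicodedata

# Constructed sample lines (not taken from a real server log).
SAMPLE = [
    b"203.0.113.7 (2) init rewrite engine with requested uri /index.html\n",
    b"203.0.113.7 (2) init rewrite engine with requested uri /a\x1b[31mb\n",
    b"203.0.113.7 (3) applying pattern to uri /x\rconstructed overwrite\n",
]

def neutralize(raw):
    """Return (printable_text, findings) for one raw log line."""
    # surrogateescape keeps undecodable bytes (e.g. a bare 0x9b) as U+DC80..U+DCFF
    text = raw.rstrip(b"\r\n").decode("utf-8", errors="surrogateescape")
    out, findings = [], []
    for ch in text:
        cat = unicodedata.category(ch)
        if ch == "\\":
            out.append("\\\\")  # keep the escaped form unambiguous
        elif cat == "Cs" or (cat == "Cc" and ch != "\t"):
            # Control character or raw invalid byte: show it as \xNN instead
            code = ord(ch) - 0xDC00 if cat == "Cs" else ord(ch)
            esc = "\\x%02x" % code
            findings.append(esc)
            out.append(esc)
        else:
            out.append(ch)
    return "".join(out), findings

def scan(lines):
    """Return (line_number, printable_text, findings) for each suspicious line."""
    hits = []
    for number, raw in enumerate(lines, 1):
        safe, found = neutralize(raw)
        if found:
            hits.append((number, safe, found))
    return hits

if __name__ == "__main__":
    for number, safe, found in scan(SAMPLE):
        print("line %d: %s  <- %s" % (number, safe, ", ".join(found)))
```

To check a real file, pass `open(path, "rb")` to `scan()` so the bytes are read without decoding.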