DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 30th May 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default Log file vulnerability in Apache server

From http://h-online.com/-1873651

Quote:
A security hole that allows attackers to take control of the server has been found in Apache. The vulnerability is contained in the do_rewritelog() log function of mod_rewrite. This function insufficiently filters the data that is written to the log file. Attackers can potentially use specially crafted HTTP requests to inject escape sequences into the log file, which could possibly cause the server to execute commands without the administrator's authorisation when the log file is displayed in the terminal.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Update fixes DoS vulnerability in DHCPv6 server J65nko News 0 28th January 2011 05:52 PM
Minimal Apache configuration file for subversion Carpetsmoker Guides 0 18th May 2010 06:42 PM
can not star Apache web server. bsdnewbie999 OpenBSD General 21 4th April 2009 07:18 AM
Default Apache won't read .css file erehwon OpenBSD General 23 21st September 2008 10:21 PM
Swfdec read-only file access vulnerability corey_james FreeBSD Ports and Packages 0 14th May 2008 11:31 PM


All times are GMT. The time now is 06:21 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick