Parent Directory | Revision Log
10097: remove CVE which is not a CVE
1 | davidwhodgins | 45 | type: security |
2 | subject: Updated apache packages fix security vulnerabilities | ||
3 | CVE: | ||
4 | - CVE-2013-1862 | ||
5 | src: | ||
6 | 2: | ||
7 | core: | ||
8 | - apache-2.2.24-1.1.mga2 | ||
9 | description: | | ||
10 | It was found that mod_rewrite did not filter terminal escape sequences from | ||
11 | its log file. If mod_rewrite was configured with the RewriteLog directive, | ||
12 | a remote attacker could use specially-crafted HTTP requests to inject | ||
13 | terminal escape sequences into the mod_rewrite log file. If a victim viewed | ||
14 | the log file with a terminal emulator, it could result in arbitrary command | ||
15 | execution with the privileges of that user (CVE-2013-1862). | ||
16 | |||
17 | A buffer overflow when reading digest password file with very long lines in | ||
18 | htdigest (PR54893) | ||
19 | references: | ||
20 | - https://bugs.mageia.org/show_bug.cgi?id=10097 | ||
21 | - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862 | ||
22 | - https://issues.apache.org/bugzilla/show_bug.cgi?id=54893 | ||
23 | - https://rhn.redhat.com/errata/RHSA-2013-0815.html | ||
24 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |