Redhat Update for httpd
Description
Red Hat has issued an update for httpd. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
1) The "do_rewritelog()" function (modules/mappers/mod_rewrite.c) does not properly handle certain escape sequences when writing to the log file and can be exploited by sending a specially crafted HTTP request.
Successful exploitation of this vulnerability may allow execution of arbitrary commands but requires the user to view the log file in a terminal emulator.
Original AdvisoryRHSA-2013:0815-1:
http://rhn.redhat.com/errata/RHSA-2013-0815.html
Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=953729
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment