CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.0%
Apache HTTP SERVER PROJECT reports:
The mod_rewrite module in the Apache HTTP Server 2.2.x before
2.2.25 writes data to a log file without sanitizing
non-printable characters, which might allow remote attackers to
execute arbitrary commands via an HTTP request containing an
escape sequence for a terminal emulator.
mod_dav: Sending a MERGE request against a URI handled by
mod_dav_svn with the source href (sent as part of the request
body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.