Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : apache2 vulnerabilities (USN-1903-1)
Medium Nessus Plugin ID 68902
SynopsisThe remote Ubuntu host is missing a security-related patch.
DescriptionIt was discovered that the mod_rewrite module incorrectly sanitized non- printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. (CVE-2013-1862)
It was discovered that the mod_dav module incorrectly handled certain MERGE requests. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected apache2.2-common package.