Apache Server Log File Hole

Thursday, May 30, 2013 @ 04:05 PM gHale


A security hole that allows attackers to take control of the server is in Apache.

The vulnerability is in the do_rewritelog() log function of mod_rewrite.

RELATED STORIES
Malware Backdoor in Targeted Attacks
Multistage Attack Proves Fruitful
Apache Backdoor Leads to Blackhole
Firewall Hole Found, Patched

This function insufficiently filters the data written to the log file. Attackers can potentially use specially crafted HTTP requests to inject escape sequences into the log file, which could possibly cause the server to execute commands without the administrator’s authorization when the log file ends up displayed in the terminal.

The 2.2.x versions of Apache are vulnerable, but other branches may also have the issue. Currently, the only way of mitigating the issue is to apply a patch.

For Red Hat Enterprise Linux users, the issue is under control and fixed in RHEL 5 and 6 updates.



Leave a Reply

You must be logged in to post a comment.