Log file vulnerability in Apache server
Source: H Security - Posted by Anthony Pell   
Intrusion Detection A security hole that allows attackers to take control of the server has been found in Apache. The vulnerability is contained in the do_rewritelog() log function of mod_rewrite. This function insufficiently filters the data that is written to the log file. Attackers can potentially use specially crafted HTTP requests to inject escape sequences into the log file, which could possibly cause the server to execute commands without the administrator's authorisation when the log file is displayed in the terminal.

Read this full article at H Security

Only registered users can write comments.
Please login or register.

Powered by AkoComment!