
Important: cPanel Security Notice 2013-06-03 - Easy Apache

Discussion in 'cPanel Announcements' started by Infopro, Jun 3, 2013.

  Posted by Infopro (cPanel Sr. Product Evangelist, Staff Member)
    SUMMARY
    The Apache mod_rewrite module writes attacker-controlled request data to its log without sanitizing it, which may lead to arbitrary command execution in some circumstances.

    SECURITY RATING
    The cPanel Security Team has rated this update as having critical security impact.

    Information on security ratings is available in the cPanel documentation (TWiki: SecurityLevels). You are strongly encouraged to run EasyApache and update your Apache installation at your earliest convenience.

    DETAIL
    From CVE-2013-1862: “It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user.”

    AFFECTED VERSIONS
    All versions of Apache 2.2 and 2.4.

    SOLUTION
    cPanel, Inc has released EasyApache 3.18.16 to correct this issue. To update, rebuild your EasyApache profile. For more information on rebuilding profiles, please consult our documentation (EasyApache)

    RELEASES
    EasyApache v3.18.16 addresses all known vulnerabilities.

    Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run. Note that the rebuild itself must be started manually; the patched Apache is not installed until you run EasyApache.

    REFERENCES
    * CVE-2013-1862 (MITRE CVE entry)
    * CVSSv2: (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C/CDP:MH/TD:H/CR:ND/IR:ND/AR:ND)
    * RHSA-2013:0815 (Red Hat Customer Portal)
    * Apache patch: http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
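The DETAIL section above describes the mechanism but not what an injected line looks like or how to check an existing RewriteLog for one. The following Python script is an added example, not code from cPanel, Apache or the advisory. The log lines in it are constructed, and the `escape_logitem` function is only modelled on the behaviour of Apache's `ap_escape_logitem` routine (the one the upstream fix applies to the logged URI); it is not that function's code. It finds terminal escape sequences in log text and shows what a correctly escaped log line looks like.

```python
"""Detect and neutralise terminal escape sequences in mod_rewrite log lines."""
import re

# Constructed sample RewriteLog output, not taken from any real server. The
# second line logs a request URI carrying a CSI clear-screen sequence, an OSC
# window-title sequence and a colour change, the kind of payload an unpatched
# mod_rewrite would write to the log verbatim.
SAMPLE_LOG = (
    "192.0.2.10 - - [03/Jun/2013:12:00:00 +0000] [example.com/sid#1][rid#2/initial] "
    "(2) init rewrite engine with requested uri /index.html\n"
    "192.0.2.77 - - [03/Jun/2013:12:00:01 +0000] [example.com/sid#1][rid#3/initial] "
    "(2) init rewrite engine with requested uri /\x1b[2J\x1b]0;owned\x07\x1b[31mpwned\n"
)

# ESC followed by one of: a CSI sequence (ESC [ params intermediates final),
# an OSC string (ESC ] ... terminated by BEL or ESC \), or a single Fe byte.
ESCAPE_RE = re.compile(
    r"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-_])"
)


def find_escape_sequences(log_text):
    """Return (line_number, raw_sequence) for every escape sequence in the log."""
    hits = []
    for lineno, line in enumerate(log_text.split("\n"), start=1):
        for match in ESCAPE_RE.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


# Assumption: this mirrors the observable output of Apache's ap_escape_logitem
# (named C escapes for common whitespace controls, backslash and double quote,
# \xNN for every other ASCII control byte). Non-ASCII text is passed through
# here for readability; the C routine escapes it as well.
_NAMED = {"\b": "\\b", "\n": "\\n", "\r": "\\r", "\t": "\\t",
          "\v": "\\v", "\\": "\\\\", '"': '\\"'}


def escape_logitem(text):
    """Render control bytes so a terminal prints them literally instead of obeying them."""
    out = []
    for ch in text:
        if ch in _NAMED:
            out.append(_NAMED[ch])
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def sanitize_log(log_text):
    """Apply escape_logitem to each line so the whole log is safe to cat to a terminal."""
    return "\n".join(escape_logitem(line) for line in log_text.split("\n"))


if __name__ == "__main__":
    for lineno, seq in find_escape_sequences(SAMPLE_LOG):
        print("line %d: escape sequence %r" % (lineno, seq))
    print(sanitize_log(SAMPLE_LOG))
```

Patching stops new sequences from being written, but it does not clean lines that are already in an existing RewriteLog file. Run a check like the one above (or view the file with `cat -v`, or `less` without `-r`/`-R`, both of which print control bytes in caret notation) before opening old rewrite logs with anything that passes raw bytes to the terminal.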