Home » Kerio User Forums » Kerio Control » Apache HTTP Server mod_rewrite Terminal Escape Sequence Vulnerability

Messages: 90
Karma: 12
Send a private message to this user
Our PCI Scan is giving us a warning due to an older version of Apache in the Control interface.

Description: The "mod_rewrite" module of the Apache HTTP Server version in use does not filter terminal escape sequences from its log file, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

Remediation: This issue was fixed in versions 2.2.25 and 2.0.65 of Apache HTTP Server. However, it is strongly recommended that the latest stable version with all of the appropriate patches be installed. Alternatively, this issue may be resolved by disabling the mod_rewrite module.

Is this slated to be updated in the next release of Control?

[Updated on: Fri, 14 February 2014 20:33]

Previous Topic: PPTP pass through
Next Topic: Website Filter And Redirect
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 18 04:20:16 CET 2018

Total time taken to generate the page: 0.90573 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.