PT-2013-5733 · Apache · Apache Mod Accounting Module

Published

2013-09-30

Updated

2013-10-11

CVE-2013-5697

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apache mod accounting module version 0.5 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting a SQL injection vulnerability in the mod accounting.c file within the mod accounting module for Apache. The vulnerability can be triggered via a Host header.

Recommendations For Apache mod accounting module version 0.5 and earlier, consider updating to a version later than 0.5 to resolve the issue. As a temporary workaround, restrict access to the mod accounting module to minimize the risk of exploitation. Avoid using the Host header in a way that could trigger the SQL injection until the issue is resolved.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2013-5697

Affected Products

Apache Mod Accounting Module

PT-2013-5733 · Apache · Apache Mod Accounting Module

CVE-2013-5697

Weakness Enumeration

Related Identifiers

Affected Products

References · 5