Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1556

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1556
Last Modified 05 Sep 2008 04:26:51
Published 31 Dec 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1556

Summary

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Vulnerable Systems

Application

  • Apache Http Server


References

XF - apache-hidden-http-request(7363)

CONFIRM - http://httpd.apache.org/docs/logs.html

BUGTRAQ - 20011024 Hidden requests to Apache


Last Updated: 27 May 2016 10:36:42