Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0083

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0083
Last Modified 10 Sep 2008 03:17:52
Published 02 Apr 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0083

Summary

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

Vulnerable Systems

Application

  • Apache Http Server 1.3

  • Apache Http Server 2.0


References

REDHAT - RHSA-2003:139

BUGTRAQ - 20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48

CONFIRM - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH

CONFIRM - http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25

SECUNIA - 8146

BUGTRAQ - 20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2


Last Updated: 27 May 2016 10:37:46