Vulners
Lucene search
AN HTTPD 1.42 - Arbitrary Log Content Injection
source: https://www.securityfocus.com/bid/13069/info
AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation.
Corruption of logs may result in concealing attacks and/or misleading an administrator.
This issue can also be exploited to carry out other attacks such as the execution of certain BAT file commands. This can result in the disclosure of source code and text files.
This issue may also aid in the exploitation of the vulnerability described in BID 13066 (AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability).
AN HTTPD 1.42n is reported vulnerable, however, it is possible that other versions are affected as well.
http://www.example.com/a%20HTTP/1.0"%20200%202048%0d%0a255.255.255.255%20-%20-%20[06/Mar/2005%3a22%3a31%3a11%20+0800]%20"GET%20/hack
http://www.example.com/%0d%0atype%20cgi-bin%5Ctest.bat
To parse a command through 'cmdIS.DLL':
http://www.example.com/scripts/cmdIS.dll/httpd.log Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Apr 2005 00:00Current
7.4High risk
Vulners AI Score7.4