Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
httpdApache Team FoundationHTTPD:7B789993A3BDA0E4D014A8671E97D1EA
HistoryFeb 24, 2003 - 12:00 a.m.

Apache Httpd < 1.3.31 : Error log escape filtering

2003-02-2400:00:00
Apache Team Foundation
httpd.apache.org
18

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.6%

JSON

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

Related

altlinux 3
openvas 10
ubuntucve 1
cve 2
nessus 28
httpd 1
debiancve 2
seebug 3
exploitpack 1
redhat 1
securityvulns 4
packetstorm 2
exploitdb 1
cert 1
slackware 1
gentoo 1
suse 5
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.0.40-21
2003-02-24 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.0.40-21
2003-02-24 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.0.40-21
2003-02-24 00:00:00
openvas
openvas
SLES9: Security update for Apache2
2009-10-10 00:00:00
Apache Error Log Escape Sequence Injection
2005-11-03 00:00:00
SLES9: Security update for Apache2
2009-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2003-0020
2003-03-18 00:00:00
cve
cve
CVE-2003-0020
2003-03-18 05:00:00
CVE-2003-0083
2003-04-02 05:00:00
nessus
nessus
Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection
2004-05-17 00:00:00
Fedora Core 1 : httpd-2.0.49-1.1 (2004-117)
2004-07-23 00:00:00
RHEL 2.1 : apache (RHSA-2003:244)
2004-07-06 00:00:00
httpd
httpd
Apache Httpd < 2.0.49 : Error log escape filtering
2003-02-24 00:00:00
debiancve
debiancve
CVE-2003-0020
2003-03-18 05:00:00
CVE-2003-0083
2003-04-02 05:00:00
seebug
seebug
jetty 6.x - 7.x xss information disclosure injection
2009-10-26 00:00:00
jetty 6.x - 7.x xss, information disclosure, injection
2014-07-01 00:00:00
jetty 6.x - 7.x xss information disclosure injection
2009-10-26 00:00:00
exploitpack
exploitpack
jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection
2009-10-26 00:00:00
redhat
redhat
(RHSA-2003:244) apache security update
2003-09-22 00:00:00
securityvulns
securityvulns
Jetty 6.x and 7.x Multiple Vulnerabilities
2009-10-26 00:00:00
SUSE Security Announcement: cvs &#40;SuSE-SA:2004:008&#41;
2004-04-15 00:00:00
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
2010-01-12 00:00:00
packetstorm
packetstorm
Jetty 6.x / 7.x Information Disclosure / XSS
2009-10-26 00:00:00
Nginx, Varnish, Cherokee, etc Log Injection
2010-01-11 00:00:00
exploitdb
exploitdb
jetty 6.x &lt; 7.x - Cross-Site Scripting / Information Disclosure / Injection
2009-10-26 00:00:00
cert
cert
Apache vulnerable to DoS
2003-04-08 00:00:00
slackware
slackware
apache
2004-05-12 16:54:58
gentoo
gentoo
Apache 1.3: Multiple vulnerabilities
2004-05-26 00:00:00
suse
suse
remote file creation in kdelibs/kdelibs3
2004-05-26 11:35:37
remote code execution in cvs
2004-04-14 15:54:44
local privilege escalation in mc
2004-05-14 14:09:57

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.6%

JSON
Related for HTTPD:7B789993A3BDA0E4D014A8671E97D1EA
altlinux3openvas10ubuntucve1cve2nessus28httpd1debiancve2seebug3exploitpack1redhat1securityvulns4packetstorm2exploitdb1cert1slackware1gentoo1suse5