Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection

The target is running an Apache web server that allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. Nessus has determined the vulnerability exists only by looki...

Multiple Apache vulnerabilities

modssl memory leak, logfile terminal escape sequences injection...

DEBIAN-CVE-2003-0083

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerabilit...

security flaw

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

poprelayd and sendmail relay authentication problem &#40;Cobalt Raq3&#41;

Hi to all, Poprelayd is a simple script that scan /var/log/maillog for valid pop logins and updates a hash db used by sendmail to permit relaying for those valid pop users, this method is called "Pop-before-smtp". The syslog string searched by the script is in this form for the qpop server /POP...

CVE-2001-1075

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file...