Apache终端转义序列过滤漏洞

CVECAN ID: CVE-2003-0083 Apache是一款广泛使用的开放源代码WEB服务程序。 Apache对日志中的转义序列处理存在问题，攻击者可能利用恶意的日志信息在服务器执行任意命令。 Apache无法过滤错误日志中以ASCII（0x1B）序列开始且带有一系列参数的终端转义序列。如果攻击者能够向Apache错误日志中注入转义序列的话，就可能对远程用户发动各种攻击，包括拒绝服务，文件修改和执行任意命令。 Apache Group Apache 1.3.9 Apache Group Apache 1.3.6 Apache Group Apache 1.3.4 Apache...

CVE-2003-0083

CVE-2003-0083 affects Apache 1.3.x (before 1.3.25) and Apache 2.0.x (before 2.0.46). The issue is that terminal escape sequences are not filtered from access logs, enabling insertion of escape sequences into terminal emulators vulnerable to such sequences. This is a separate vulnerability from CV...

CVE-2003-0083

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerabilit...