ID CVE-2003-0020
Summary Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server
    cpe:2.3:a:apache:http_server
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2003-244.NASL
    description Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl which can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0192 to this issue. Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0020 to this issue. It is possible to get Apache 1.3 to get into an infinite loop handling internal redirects and nested subrequests. A patch for this issue adds a new LimitInternalRecursion directive. All users of the Apache HTTP Web Server are advised to upgrade to the applicable errata packages, which contain back-ported fixes correcting these issues. After the errata packages are installed, restart the Web service by running the following command : /sbin/service httpd restart
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 12412
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12412
    title RHEL 2.1 : apache (RHSA-2003:244)
  • NASL family Web Servers
    NASL id APACHE_LOG_INJECTION.NASL
    description The target is running an Apache web server that allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. Nessus has determined the vulnerability exists only by looking at the Server header returned by the web server running on the target.
    last seen 2019-01-16
    modified 2018-06-27
    plugin id 12239
    published 2004-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12239
    title Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-050.NASL
    description A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 14034
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14034
    title Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30648.NASL
    description s700_800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. (HPSBUX01019 SSRT4717) - A potential security vulnerability has been identified with Apache running on HP-UX where a buffer overflow could be exploited remotely to execute arbitrary code. - A potential security vulnerability has been identified with HP-UX running Apache where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass access restrictions.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17532
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17532
    title HP-UX PHSS_30648 : s700_800 11.04 Virtualvault 4.5 OWS update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30650.NASL
    description s700_800 11.04 Webproxy server 2.0 update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17534
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17534
    title HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_116974.NASL
    description SunOS 5.8_x86: Apache Patch. Date this patch was last updated by Sun : Apr/23/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 15483
    published 2004-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15483
    title Solaris 8 (x86) : 116974-07
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113146.NASL
    description SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13530
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13530
    title Solaris 9 (sparc) : 113146-13
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-133-01.NASL
    description New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possibly pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package.
    last seen 2019-01-16
    modified 2018-08-09
    plugin id 18787
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18787
    title Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_116973.NASL
    description SunOS 5.8: Apache Patch. Date this patch was last updated by Sun : Apr/24/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 15482
    published 2004-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15482
    title Solaris 8 (sparc) : 116973-07
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30642.NASL
    description s700_800 11.04 Virtualvault 4.7 TGP update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17527
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17527
    title HP-UX PHSS_30642 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30646.NASL
    description s700_800 11.04 Virtualvault 4.6 TGP update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17531
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17531
    title HP-UX PHSS_30646 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114145.NASL
    description SunOS 5.9_x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13593
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13593
    title Solaris 9 (x86) : 114145-12
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30647.NASL
    description s700_800 11.04 Virtualvault 4.5 IWS Update : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass access restrictions. - A potential security vulnerability has been identified with HP-UX running Apache where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. - A potential security vulnerability has been identified with Apache running on HP-UX where a buffer overflow could be exploited remotely to execute arbitrary code. - Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112. (HPSBUX01019 SSRT4717)
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17070
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17070
    title HP-UX PHSS_30647 : s700_800 11.04 Virtualvault 4.5 IWS Update
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30644.NASL
    description s700_800 11.04 Virtualvault 4.6 OpenSSH update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17529
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17529
    title HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30649.NASL
    description s700_800 11.04 Webproxy server 2.1 update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17533
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17533
    title HP-UX PHSS_30649 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30640.NASL
    description s700_800 11.04 Virtualvault 4.7 OpenSSH update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17525
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17525
    title HP-UX PHSS_30640 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30645.NASL
    description s700_800 11.04 Virtualvault 4.6 OWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17530
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17530
    title HP-UX PHSS_30645 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD20041202.NASL
    description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 15898
    published 2004-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15898
    title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30641.NASL
    description s700_800 11.04 Virtualvault 4.7 OWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17526
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17526
    title HP-UX PHSS_30641 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30643.NASL
    description s700_800 11.04 Virtualvault 4.6 IWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17528
    published 2005-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17528
    title HP-UX PHSS_30643 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_30639.NASL
    description s700_800 11.04 Virtualvault 4.7 IWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC (224012/1 and 224012/2). The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A. 1. The do_change_cipher_spec function in OpenSSL allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that triggers a null dereference. CVE-2004-0079 2. The SSL/TLS handshaking, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service via a crafted SSL/TLS handshake that causes an out-of-bounds read. CVE-2004-0112.
    last seen 2019-01-16
    modified 2014-05-22
    plugin id 17071
    published 2005-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17071
    title HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200405-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-200405-22 (Apache 1.3: Multiple vulnerabilities) On 64-bit big-endian platforms, mod_access does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses. Terminal escape sequences are not filtered from error logs. This could be used by an attacker to insert escape sequences into a terminal emulator vulnerable to escape sequences. mod_digest does not properly verify the nonce of a client response by using an AuthNonce secret. This could permit an attacker to replay the response of another website. This does not affect mod_auth_digest. On certain platforms there is a starvation issue where listening sockets fail to handle a short-lived connection on a rarely-accessed listening socket. This causes the child to hold the accept mutex and block out new connections until another connection arrives on the same rarely-accessed listening socket thus leading to a denial of service. Impact : These vulnerabilities could lead to attackers bypassing intended access restrictions, denial of service, and possibly execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-08-10
    plugin id 14508
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14508
    title GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-046.NASL
    description Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its error logs. This could make it easier for attackers to insert those sequences into the terminal emulators of administrators viewing the error logs that contain vulnerabilities related to escape sequence handling (CVE-2003-0020). mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the nonce of a client response by using an AuthNonce secret. Apache now verifies the nonce returned in the client response to check whether it was issued by itself by means of an 'AuthDigestRealmSeed' secret exposed as an MD5 checksum (CVE-2003-0987). mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian 64-bit platforms, did not properly parse Allow/Deny rules using IP addresses without a netmask. This could allow a remote attacker to bypass intended access restrictions (CVE-2003-0993). Apache 1.3 prior to 1.3.30, when using multiple listening sockets on certain platforms, allows a remote attacker to cause a DoS by blocking new connections via a short-lived connection on a rarely-accessed listening socket (CVE-2004-0174). While this particular vulnerability does not affect Linux, we felt it prudent to include the fix. Update : Due to the changes in mod_digest.so, mod_perl needed to be rebuilt against the patched Apache packages in order for httpd-perl to properly load the module. The appropriate mod_perl packages have been rebuilt and are now available.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 14145
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14145
    title Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)
oval via4
  • accepted 2005-11-16T08:02:00.000-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    description Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
    family unix
    id oval:org.mitre.oval:def:100109
    status accepted
    submitted 2005-08-16T12:00:00.000-04:00
    title Apache Error Log Escape Sequence Filtering Vulnerability
    version 32
  • accepted 2010-09-20T04:00:13.693-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    description Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
    family unix
    id oval:org.mitre.oval:def:150
    status accepted
    submitted 2003-08-17T12:00:00.000-04:00
    title Apache Terminal Escape Sequence Vulnerability
    version 37
  • accepted 2004-12-09T08:46:00.000-04:00
    class vulnerability
    contributors
    • name Brian Soby
      organization The MITRE Corporation
    description Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
    family unix
    id oval:org.mitre.oval:def:4114
    status accepted
    submitted 2004-10-14T01:14:00.000-04:00
    title Apache Error Log Escape Sequence Injection Vulnerability
    version 31
redhat via4
advisories
  • rhsa
    id RHSA-2003:082
  • rhsa
    id RHSA-2003:083
  • rhsa
    id RHSA-2003:104
  • rhsa
    id RHSA-2003:139
  • rhsa
    id RHSA-2003:243
  • rhsa
    id RHSA-2003:244
refmap via4
apple APPLE-SA-2004-05-03
bid 9930
bugtraq
  • 20030224 Terminal Emulator Security Issues
  • 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
gentoo GLSA-200405-22
hp SSRT4717
mandrake
  • MDKSA-2003:050
  • MDKSA-2004:046
slackware SSA:2004-133
sunalert
  • 101555
  • 57628
trustix
  • 2004-0017
  • 2004-0027
vulnwatch 20030224 Terminal Emulator Security Issues
xf apache-esc-seq-injection(11412)
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.49 and 1.3.31 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
Last major update 17-10-2016 - 22:28
Published 18-03-2003 - 00:00
Last modified 09-10-2017 - 21:30