ID CVE-2003-0083
Summary Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 1.3
    cpe:2.3:a:apache:http_server:1.3
  • Apache Software Foundation Apache HTTP Server 2.0
    cpe:2.3:a:apache:http_server:2.0
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-050.NASL
    description A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14034
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14034
    title Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)
  • NASL family Web Servers
    NASL id APACHE_2_0_42.NASL
    description The remote host appears to be running a version of Apache 2.0.x prior to 2.0.43. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this vulnerability by making a POST request to files in a folder with both WebDAV and CGI enabled. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 11408
    published 2003-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11408
    title Apache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)
oval via4
accepted 2010-09-20T04:00:14.074-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
family unix
id oval:org.mitre.oval:def:151
status accepted
submitted 2003-08-17T12:00:00.000-04:00
title Apache Terminal Escape Sequence Vulnerability II
version 36
packetstorm via4
redhat via4
advisories
rhsa
id RHSA-2003:139
refmap via4
bugtraq
  • 20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2
  • 20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
confirm
secunia 8146
statements via4
contributor Mark J Cox
lastmodified 2008-07-02
organization Apache
statement Fixed in Apache HTTP Server 2.0.46 and 1.3.26: http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
Last major update 17-10-2016 - 22:29
Published 02-04-2003 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top