CVE-2003-0020

MEDIUM

Description

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html

http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046

http://marc.info/?l=bugtraq&m=104612710031920&w=2

http://marc.info/?l=bugtraq&m=108369640424244&w=2

http://marc.info/?l=bugtraq&m=108437852004207&w=2

http://marc.info/?l=bugtraq&m=108731648532365&w=2

http://security.gentoo.org/glsa/glsa-200405-22.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1

http://www.iss.net/security_center/static/11412.php

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050

http://www.redhat.com/support/errata/RHSA-2003-082.html

http://www.redhat.com/support/errata/RHSA-2003-083.html

http://www.redhat.com/support/errata/RHSA-2003-104.html

http://www.redhat.com/support/errata/RHSA-2003-139.html

http://www.redhat.com/support/errata/RHSA-2003-243.html

http://www.redhat.com/support/errata/RHSA-2003-244.html

http://www.securityfocus.com/bid/9930

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643

http://www.trustix.org/errata/2004/0017

http://www.trustix.org/errata/2004/0027

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114

Details

Source: MITRE

Published: 2003-03-18

Updated: 2017-10-10

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM