CVE-2003-0020

medium

Description

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

References

http://www.securityfocus.com/bid/9930

http://www.iss.net/security_center/static/11412.php

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html

http://security.gentoo.org/glsa/glsa-200405-22.xml

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050

http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046

http://www.redhat.com/support/errata/RHSA-2003-082.html

http://www.redhat.com/support/errata/RHSA-2003-083.html

http://www.redhat.com/support/errata/RHSA-2003-104.html

http://www.redhat.com/support/errata/RHSA-2003-139.html

http://www.redhat.com/support/errata/RHSA-2003-243.html

http://www.redhat.com/support/errata/RHSA-2003-244.html

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1

http://www.trustix.org/errata/2004/0017

http://www.trustix.org/errata/2004/0027

http://marc.info/?l=bugtraq&m=104612710031920&w=2

http://marc.info/?l=bugtraq&m=108369640424244&w=2

http://marc.info/?l=bugtraq&m=108731648532365&w=2

http://marc.info/?l=bugtraq&m=108437852004207&w=2

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2003-03-18

Updated: 2021-06-06

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM