Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
http://marc.info/?l=bugtraq&m=104612710031920&w=2
http://marc.info/?l=bugtraq&m=108369640424244&w=2
http://marc.info/?l=bugtraq&m=108437852004207&w=2
http://marc.info/?l=bugtraq&m=108731648532365&w=2
http://security.gentoo.org/glsa/glsa-200405-22.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
http://www.iss.net/security_center/static/11412.php
http://www.redhat.com/support/errata/RHSA-2003-082.html
http://www.redhat.com/support/errata/RHSA-2003-083.html
http://www.redhat.com/support/errata/RHSA-2003-104.html
http://www.redhat.com/support/errata/RHSA-2003-139.html
Published: 2003-03-18
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: Medium