CVE-2003-0020

MEDIUM

Description

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html

http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046

http://marc.info/?l=bugtraq&m=104612710031920&w=2

http://marc.info/?l=bugtraq&m=108369640424244&w=2

http://marc.info/?l=bugtraq&m=108437852004207&w=2

http://marc.info/?l=bugtraq&m=108731648532365&w=2

http://security.gentoo.org/glsa/glsa-200405-22.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1

http://www.iss.net/security_center/static/11412.php

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050

http://www.redhat.com/support/errata/RHSA-2003-082.html

http://www.redhat.com/support/errata/RHSA-2003-083.html

http://www.redhat.com/support/errata/RHSA-2003-104.html

http://www.redhat.com/support/errata/RHSA-2003-139.html

http://www.redhat.com/support/errata/RHSA-2003-243.html

http://www.redhat.com/support/errata/RHSA-2003-244.html

http://www.securityfocus.com/bid/9930

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643

http://www.trustix.org/errata/2004/0017

http://www.trustix.org/errata/2004/0027

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114

Details

Source: MITRE

Published: 2003-03-18

Updated: 2021-03-30

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 18787 | Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01) | Nessus | Slackware Local Security Checks | high |
| 17534 | HP-UX PHSS_30650 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17533 | HP-UX PHSS_30649 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17532 | HP-UX PHSS_30648 : s700_800 11.04 Virtualvault 4.5 OWS update | Nessus | HP-UX Local Security Checks | medium |
| 17531 | HP-UX PHSS_30646 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17530 | HP-UX PHSS_30645 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17529 | HP-UX PHSS_30644 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17528 | HP-UX PHSS_30643 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17527 | HP-UX PHSS_30642 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17526 | HP-UX PHSS_30641 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17525 | HP-UX PHSS_30640 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17071 | HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3) | Nessus | HP-UX Local Security Checks | medium |
| 17070 | HP-UX PHSS_30647 : s700_800 11.04 Virtualvault 4.5 IWS Update | Nessus | HP-UX Local Security Checks | medium |
| 2444 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Nessus Network Monitor | Web Clients | high |
| 15898 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Nessus | MacOS X Local Security Checks | high |
| 15483 | Solaris 8 (x86) : 116974-07 | Nessus | Solaris Local Security Checks | critical |
| 15482 | Solaris 8 (sparc) : 116973-07 | Nessus | Solaris Local Security Checks | critical |
| 14508 | GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 1221 | Apache < 1.3.31 / 2.0.49 Error Log Escape Sequence Injection | Nessus Network Monitor | Web Servers | high |
| 14145 | Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1) | Nessus | Mandriva Local Security Checks | high |
| 14034 | Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050) | Nessus | Mandriva Local Security Checks | medium |
| 13593 | Solaris 9 (x86) : 114145-12 | Nessus | Solaris Local Security Checks | critical |
| 13530 | Solaris 9 (sparc) : 113146-13 | Nessus | Solaris Local Security Checks | critical |
| 12412 | RHEL 2.1 : apache (RHSA-2003:244) | Nessus | Red Hat Local Security Checks | medium |
| 12239 | Apache < 1.3.31 / 2.0.49 Log Entry Terminal Escape Sequence Injection | Nessus | Web Servers | medium |
| 800800 | Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) | Log Correlation Engine | Operating System Detection | medium |