Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache < 1.3.31 / 2.0.49 Error Log Escape Sequence Injection

Medium

Synopsis

The remote host is vulnerable to a flaw in the way that it displays log files

Description

The target host is running an Apache web server that allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators.

Solution

Upgrade to Apache version 1.3.31, 2.0.49 or newer.