CVE-2001-1556Log File Information Exposure in Apache Http Server

CWE-532Log File Information Exposure5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.8%
top 17.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedDec 31
Latest updateApr 30

Description

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server1.3.01.3.31+1

🔴Vulnerability Details

2
GHSA
GHSA-9f54-6r7j-3hph: The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow2022-04-30
CVEList
CVE-2001-1556: The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow2005-07-14

📋Vendor Advisories

1
Red Hat
httpd: log files contain information directly supplied by clients and does not filter or quote control characters2001-12-31

💬Community

1
Bugzilla
CVE-2001-1556 httpd: log files contain information directly supplied by clients and does not filter or quote control characters2020-10-27
CVE-2001-1556 — Log File Information Exposure in Apache | cvebase