CVE-2003-0020Log File Information Exposure in Apache Http Server

CWE-532Log File Information Exposure10 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
20.3%
top 4.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedMar 18
Latest updateApr 29

Description

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server1.3.01.3.31+1

🔴Vulnerability Details

3
GHSA
GHSA-cc5w-cgc4-9qf7: Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal2022-04-29
CVEList
CVE-2003-0020: Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal2004-09-01
OSV
CVE-2003-0020: Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal2003-03-18

📋Vendor Advisories

4
Red Hat
security flaw2003-02-24
Red Hat
security flaw2003-02-24
Debian
CVE-2003-0020: apache2 - Apache does not filter terminal escape sequences from its error logs, which coul...2003
Red Hat
httpd: log files contain information directly supplied by clients and does not filter or quote control characters2001-12-31

💬Community

2
Bugzilla
CVE-2003-0020 security flaw2018-08-16
Bugzilla
CVE-2003-0083 security flaw2018-08-16
CVE-2003-0020 — Log File Information Exposure in Apache | cvebase