CVE-2003-0083 — Log File Information Exposure in Apache Http Server

CWE-532 — Log File Information Exposure9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

12.4%

top 6.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedApr 2

Latest updateApr 29

Description

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server1.3.0 — 1.3.26+1

🔴Vulnerability Details

GHSA

GHSA-cvpf-93m7-95jr: Apache 1↗2022-04-29

▶

OSV

CVE-2003-0083: Apache 1↗2003-04-02

▶

CVEList

CVE-2003-0083: Apache 1↗2003-03-28

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-02-24

▶

Debian

CVE-2003-0083: apache2 - Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter te...↗2003

▶

Red Hat

httpd: log files contain information directly supplied by clients and does not filter or quote control characters↗2001-12-31

▶

💬Community

Bugzilla

CVE-2003-0083 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-0083 XFree86 font.alias overflow↗2004-02-04

▶