Apache Error Log Escape Sequence Injection Vulnerability

Apache Error Log Escape Sequence Injection Vulnerability

Published on 2004-03-27. Updated on 2007-03-20.

Description:

This version of Apache is vulnerable to escape character sequences injection into error log.This problem may be exploited when a vulnerable terminal emulator is used.

Affected Apache versions (up to 2.0.48 for Apache 2.x and up to 1.3.29 for Apache 1.x).

Impact:
Possible file creation and/or code execution (if vulnerable terminal emulator is present)

Recommendation:
Upgrade to the latest version of Apache.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: Apache

References:

BID 9930

Apache homepage

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking