The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. ***** OVS has determined the vulnerability exists only by looking at ***** the Server header returned by the web server running on the target.
Upgrade to Apache version 1.3.31 or 2.0.49 or newer.
- Adobe Flash Media Server Video Stream Capture Security Issue
- Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
- Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Apr14 (Mac OS X)
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability