Description

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Remediation

References

CVE-2001-1556

Related Vulnerabilities

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41165)

PHP Other Vulnerability (CVE-2005-0524)

WordPress Plugin Easy Property Listings Cross-Site Scripting (3.3.5.8)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0095)

WordPress Plugin Super Interactive Maps for WordPress SQL Injection (2.1)

Severity

Medium

Classification

CVE-2001-1556 CWE-532

Tags

Missing Update Known Vulnerabilities