Description

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Remediation

References

CVE-2001-1556

Related Vulnerabilities

WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4744)

Jenkins DEPRECATED: Code Vulnerability (CVE-2016-3721)

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4724)

WordPress Plugin Titan Anti-spam & Security Security Bypass (7.3.0)

Severity

Medium

Classification

CVE-2001-1556 CWE-532

Tags

Missing Update Known Vulnerabilities