Vulnerability Name:

CVE-2001-0730 (CCN-7419)

Assigned:2001-09-28
Published:2001-09-28
Updated:2021-06-06
Summary:split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: SGI Security Advisory 20020301-01-P
Apache vulnerabilities on IRIX

Source: MITRE
Type: CNA
CVE-2001-0730

Source: CONECTIVA
Type: UNKNOWN
CLA-2001:430

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2001:077

Source: CCN
Type: Apache Web site
Index of /dist/httpd

Source: CCN
Type: RHSA-2001-126
Updated apache packages available

Source: CCN
Type: ApacheWeek, Issue 264, 28th September 2001
Security Reports - Apache 1.3.20

Source: CONFIRM
Type: UNKNOWN
http://www.apacheweek.com/issues/01-09-28#security

Source: CCN
Type: CIAC Information Bulletin M-058
Apache Vulnerabilities on IRIX

Source: ENGARDE
Type: UNKNOWN
ESA-20011019-01

Source: CCN
Type: Conectiva Linux Announcement CLSA-2001:430
apache

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20011019-01
apache

Source: CCN
Type: OSVDB ID: 5552
Apache HTTP Server split-logfile Arbitrary .log File Overwrite

Source: REDHAT
Type: UNKNOWN
RHSA-2001:126

Source: REDHAT
Type: UNKNOWN
RHSA-2001:164

Source: CCN
Type: BID-3596
Apache Split-Logfile File Append Vulnerability

Source: XF
Type: UNKNOWN
apache-log-file-overwrite(7419)

Source: XF
Type: UNKNOWN
apache-log-file-overwrite(7419)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.16:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:prg_graficos:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:ecommerce:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.12:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.13:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:6.5.14:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apache http server 1.3.20
    apache http server 1.3.1
    apache http server 1.3.19
    apache http server 1.3.12
    apache http server 1.3.20
    apache http server 1.3.17
    apache http server 1.3.14
    apache http server 1.3.11
    apache http server 1.3.0
    apache http server 1.3.2
    apache http server 1.3.22
    apache http server 1.3.18
    apache http server 1.3.10
    apache http server 1.3.13
    apache http server 1.3.15
    apache http server 1.3.16
    redhat linux 6.2
    mandrakesoft mandrake linux 7.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    conectiva linux 6.0
    mandrakesoft mandrake linux corporate server 1.0.1
    engardelinux secure community 1.0.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    conectiva linux prg_graficos
    conectiva linux ecommerce
    conectiva linux 5.1
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    sgi irix 6.5.12
    sgi irix 6.5.13
    sgi irix 6.5.14