Vulnerability Name: CVE-2003-0020 (CCN-11412) Assigned: 2003-02-24 Published: 2003-02-24 Updated: 2021-06-06 Summary: Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: CCNSGI Advanced Linux Environment security update #3 Terminal Emulator Security Issues 20030224 Terminal Emulator Security Issues CVE-2003-0020 DoS in mod_ssl and log escape sequences vulnerability Security Update 2004-12-02 MDKSA-2004:046 20030224 Terminal Emulator Security Issues APPLE-SA-2004-05-03 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) SSRT4717 apache security update for Stronghold Updated httpd packages fix security vulnerabilities. Updated Apache and mod_ssl packages fix security vulnerabilities apache security update GLSA-200405-22 101555 57628 Security Vulnerabilities in the Apache Web Server and Apache Modules Apache 2.0.47 Release Fixes Security Vulnerabilities Apache HTTP Server 2.0.49 Release Fixes Security Vulnerabilities Apple Mac OS X Jaguar and Panther Security Vulnerabilities Apple Security Update 2004-12-02 Apache 1.3: Multiple vulnerabilities apache-esc-seq-injection(11412) apache apache Apache 1.3: Multiple vulnerabilities MDKSA-2003:050 Apache RHSA-2003:082 RHSA-2003:083 RHSA-2003:104 RHSA-2003:139 RHSA-2003:243 RHSA-2003:244 9930 Apache Error and Access Logs Escape Sequence Injection Vulnerability SSA:2004-133 apache (SSA:2004-133-01) 2004-0017 2004-0027 Two issues have been discovered in httpd Multiple vulnerabilities in apache apache-esc-seq-injection(11412) [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/ [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ [httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ [httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ [httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ oval:org.mitre.oval:def:100109 oval:org.mitre.oval:def:150 oval:org.mitre.oval:def:4114 kdelibs: remote file creation cvs: remote code execution Linux Kernel: local privilege escalation / information leakage mc: local privilege escalation cvs: remote command execution Vulnerable Configuration: Configuration 1 :cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 1.3.0 and < 1.3.31)OR cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 2.0.49) Configuration CCN 1 :cpe:/a:apache:http_server:*:*:*:*:*:*:*:* AND cpe:/o:sun:solaris:8:*:sparc:*:*:*:*:* OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:6.5:*:*:*:server:*:*:* OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:* OR cpe:/a:redhat:stronghold:*:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:6.0:*:*:*:workstation:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:1.3:*:*:*:*:*:*:* OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:* OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:* OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:* Oval Definitions BACK
apache http server *
apache http server *
apache http server *
sun solaris 8
hp hp-ux 11.04
redhat linux 7.1
turbolinux turbolinux server 6.5
trustix secure linux 1.5
redhat linux 7.2
suse suse linux database server *
suse suse linux connectivity server *
conectiva linux 8.0
redhat linux 7.3
sun solaris 9
redhat stronghold *
slackware slackware linux 8.1
openpkg openpkg current
gentoo linux *
suse suse linux office server *
redhat linux 8.0
suse suse linux 8.1
mandrakesoft mandrake multi network firewall 8.2
slackware slackware linux current
turbolinux turbolinux server 6.1
turbolinux turbolinux workstation 6.0
mandrakesoft mandrake linux corporate server 2.1
compaq tru64 5.1b
mandrakesoft mandrake linux 9.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat linux 9.0
slackware slackware linux 9.0
conectiva linux 9.0
trustix secure linux 2.0
openpkg openpkg 1.3
slackware slackware linux 9.1
suse suse linux 9.0
mandrakesoft mandrake linux 9.2
openpkg openpkg 2.0
trustix secure linux 2.1
mandrakesoft mandrake linux 10.0
suse suse linux 9.1
apple mac os x 10.2.8
apple mac os x server 10.2.8
apple mac os x 10.3.6
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 9.1
mandrakesoft mandrake linux 9.2
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux corporate server 2.1
apple mac os x server 10.3.6
Denotes that component is vulnerable