CVE-2003-0020

Current Description

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

Referenced by CVEs:CVE-2003-0083

Basic Data

PublishedMarch 18, 2003
Last ModifiedOctober 10, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationApacheHttp Server********

Vulnerable Software List

VendorProductVersions
Apache Http Server *

References

NameSourceURLTags
20030224 Terminal Emulator Security Issueshttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.htmlVULNWATCH
MDKSA-2004:046http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046MANDRAKE
20030224 Terminal Emulator Security Issueshttp://marc.info/?l=bugtraq&m=104612710031920&w=2BUGTRAQ
APPLE-SA-2004-05-03http://marc.info/?l=bugtraq&m=108369640424244&w=2APPLE
20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)http://marc.info/?l=bugtraq&m=108437852004207&w=2BUGTRAQ
SSRT4717http://marc.info/?l=bugtraq&m=108731648532365&w=2HP
GLSA-200405-22http://security.gentoo.org/glsa/glsa-200405-22.xmlGENTOO
101555http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1SUNALERT
57628http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1SUNALERT
apache-esc-seq-injection(11412)http://www.iss.net/security_center/static/11412.phpXFVendor Advisory
MDKSA-2003:050http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050MANDRAKE
RHSA-2003:082http://www.redhat.com/support/errata/RHSA-2003-082.htmlREDHAT
RHSA-2003:083http://www.redhat.com/support/errata/RHSA-2003-083.htmlREDHAT
RHSA-2003:104http://www.redhat.com/support/errata/RHSA-2003-104.htmlREDHAT
RHSA-2003:139http://www.redhat.com/support/errata/RHSA-2003-139.htmlREDHAT
RHSA-2003:243http://www.redhat.com/support/errata/RHSA-2003-243.htmlREDHAT
RHSA-2003:244http://www.redhat.com/support/errata/RHSA-2003-244.htmlREDHAT
9930http://www.securityfocus.com/bid/9930BIDPatch Vendor Advisory
SSA:2004-133http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643SLACKWARE
2004-0017http://www.trustix.org/errata/2004/0017TRUSTIX
2004-0027http://www.trustix.org/errata/2004/0027TRUSTIX
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3CcvsMLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3CcvsMLIST
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3CcvMLIST
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3CcvMLIST
oval:org.mitre.oval:def:100109https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109OVAL
oval:org.mitre.oval:def:150https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150OVAL
oval:org.mitre.oval:def:4114https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114OVAL