CVE-2003-0020
CVSS 5.0
Published: 2003-03-18 00:00:00
Revised: 2016-10-17 22:28:24

[Original] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.


[CNNVD] Apache Error Log Escape Sequence Injection Vulnerability (CNNVD-200303-057)

        
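        Apache is an open-source web server.
        Apache does not filter data sufficiently when writing to its error log; a remote attacker can exploit this vulnerability to create arbitrary files or execute arbitrary script code.
        Because of an input validation error in its logging, the Apache web server allows escape character sequences to be injected into Apache log files. Exploiting this can lead to several problems, such as arbitrary file creation or script code execution.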
        

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:4114  Apache Error Log Escape Sequence Injection Vulnerability
oval:org.mitre.oval:def:150  Apache Terminal Escape Sequence Vulnerability
oval:org.mitre.oval:def:100109  Apache Error Log Escape Sequence Filtering Vulnerability
* OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0020
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200303-057
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
(UNKNOWN)  VULNWATCH  20030224 Terminal Emulator Security Issues
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
(UNKNOWN)  MANDRAKE  MDKSA-2004:046
http://marc.info/?l=bugtraq&m=104612710031920&w=2
(UNKNOWN)  BUGTRAQ  20030224 Terminal Emulator Security Issues
http://marc.info/?l=bugtraq&m=108369640424244&w=2
(UNKNOWN)  APPLE  APPLE-SA-2004-05-03
http://marc.info/?l=bugtraq&m=108437852004207&w=2
(UNKNOWN)  BUGTRAQ  20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
http://marc.info/?l=bugtraq&m=108731648532365&w=2
(UNKNOWN)  HP  SSRT4717
http://security.gentoo.org/glsa/glsa-200405-22.xml
(UNKNOWN)  GENTOO  GLSA-200405-22
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
(UNKNOWN)  SUNALERT  101555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
(UNKNOWN)  SUNALERT  57628
http://www.iss.net/security_center/static/11412.php
(VENDOR_ADVISORY)  XF  apache-esc-seq-injection(11412)
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
(UNKNOWN)  MANDRAKE  MDKSA-2003:050
http://www.redhat.com/support/errata/RHSA-2003-082.html
(UNKNOWN)  REDHAT  RHSA-2003:082
http://www.redhat.com/support/errata/RHSA-2003-083.html
(UNKNOWN)  REDHAT  RHSA-2003:083
http://www.redhat.com/support/errata/RHSA-2003-104.html
(UNKNOWN)  REDHAT  RHSA-2003:104
http://www.redhat.com/support/errata/RHSA-2003-139.html
(UNKNOWN)  REDHAT  RHSA-2003:139
http://www.redhat.com/support/errata/RHSA-2003-243.html
(UNKNOWN)  REDHAT  RHSA-2003:243
http://www.redhat.com/support/errata/RHSA-2003-244.html
(UNKNOWN)  REDHAT  RHSA-2003:244
http://www.securityfocus.com/bid/9930
(VENDOR_ADVISORY)  BID  9930
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
(UNKNOWN)  SLACKWARE  SSA:2004-133
http://www.trustix.org/errata/2004/0017
(UNKNOWN)  TRUSTIX  2004-0017
http://www.trustix.org/errata/2004/0027
(UNKNOWN)  TRUSTIX  2004-0027

- Vulnerability Information

Apache Error Log Escape Sequence Injection Vulnerability
Medium severity  Input validation
2003-03-18 00:00:00 2005-05-13 00:00:00
Remote
        
        

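- Advisories and Patches

        Vendor patch:
        Apache Software Foundation
        --------------------------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: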
        Apache Software Foundation Upgrade Apache httpd 2.0.49
        
        http://httpd.apache.org/download.cgi

- Vulnerability Information (F33414)

apache_1.3.31.tar.gz (PacketStormID:F33414)
2004-05-25 00:00:00
 
unix
CVE-2003-0987,CVE-2003-0020,CVE-2004-0174,CVE-2003-0993

Apache is the most popular webserver on the Internet, quite possibly the best in terms of security, functionality, efficiency, and speed.

- Vulnerability Information (F32909)

apache2049.txt (PacketStormID:F32909)
2004-03-19 00:00:00
 
advisory,denial of service,arbitrary,vulnerability,memory leak
CVE-2004-0174,CVE-2003-0020,CVE-2004-0113

Apache 2.0.49 has been released to address three security vulnerabilities. A race condition that allows for a denial of service attack, a condition that allows arbitrary strings to get written to the error log, and a memory leak in mod_ssl have all been addressed.

---------- Forwarded message ----------
Date: Fri, 19 Mar 2004 22:55:38 +0100
From: Sander Striker <striker@apache.org>
To: announce@httpd.apache.org
Subject: [ANNOUNCE] Apache HTTP Server 2.0.49 Released

                   Apache HTTP Server 2.0.49 Released

   The Apache Software Foundation and the Apache HTTP Server Project are
   pleased to announce the release of version 2.0.49 of the Apache HTTP
   Server ("Apache").  This Announcement notes the significant changes
   in 2.0.49 as compared to 2.0.48.

   This version of Apache is principally a bug fix release.  A summary of
   the bug fixes is given at the end of this document.  Of particular
   note is that 2.0.49 addresses three security vulnerabilities:

   When using multiple listening sockets, a denial of service attack
   is possible on some platforms due to a race condition in the
   handling of short-lived connections.  This issue is known to affect
   some versions of AIX, Solaris, and Tru64; it is known to not affect
   FreeBSD or Linux.
   [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174]

   Arbitrary client-supplied strings can be written to the error log
   which can allow exploits of certain terminal emulators.
   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020]

   A remotely triggered memory leak in mod_ssl can allow a denial
   of service attack due to excessive memory consumption.
   [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113]

   This release is compatible with modules compiled for 2.0.42 and later
   versions.  We consider this release to be the best version of Apache
   available and encourage users of all prior versions to upgrade.

   Apache HTTP Server 2.0.49 is available for download from

     http://httpd.apache.org/download.cgi

   Please see the CHANGES_2.0 file, linked from the above page, for
   a full list of changes.

   Apache 2.0 offers numerous enhancements, improvements, and performance
   boosts over the 1.3 codebase.  For an overview of new features introduced
   after 1.3 please see

     http://httpd.apache.org/docs-2.0/new_features_2_0.html

   When upgrading or installing this version of Apache, please keep
   in mind the following:
   If you intend to use Apache with one of the threaded MPMs, you must
   ensure that the modules (and the libraries they depend on) that you
   will be using are thread-safe.  Please contact the vendors of these
   modules to obtain this information.

                       Apache 2.0.49 Major changes

   Security vulnerabilities closed since Apache 2.0.48

    *) SECURITY: CAN-2004-0174 (cve.mitre.org)
       Fix starvation issue on listening sockets where a short-lived
       connection on a rarely-accessed listening socket will cause a
       child to hold the accept mutex and block out new connections until
       another connection arrives on that rarely-accessed listening socket.
       With Apache 2.x there is no performance concern about enabling the
       logic for platforms which don't need it, so it is enabled everywhere
       except for Win32.  [Jeff Trawick]

    *) SECURITY: CAN-2004-0113 (cve.mitre.org)
       mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
       PR 27106.  [Joe Orton]

    *) SECURITY: CAN-2003-0020 (cve.mitre.org)
       Escape arbitrary data before writing into the errorlog. Unescaped
       errorlogs are still possible using the compile time switch
       "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, André Malo]

   Bugs fixed and features added since Apache 2.0.47

    *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
       [Jeff Trawick]

    *) Win32: find_read_listeners was not correctly handling multiple
       listeners on the Win32DisableAcceptEx path.  [Bill Stoddard]

    *) Fix bug in mod_usertrack when no CookieName is set.  PR 24483.
       [Manni Wood <manniwood planet-save.com>]

    *) Fix some piped log problems: bogus "piped log program '(null)'
       failed" messages during restart and problem with the logger
       respawning again after Apache is stopped.  PR 21648, PR 24805.
       [Jeff Trawick]

    *) Fixed file extensions for real media files and removed rpm extension
       from mime.types. PR 26079.  [Allan Sandfeld <kde carewolf.com>]

    *) Remove compile-time length limit on request strings. Length is
       now enforced solely with the LimitRequestLine config directive.
       [Paul J. Reder]

    *) mod_ssl: Send the Close Alert message to the peer before closing
       the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]

    *) mod_ssl: Fix bug in passphrase handling which could cause spurious
       failures in SSL functions later.  PR 21160.  [Joe Orton]

    *) mod_log_config: Fix corruption of buffered logs with threaded
       MPMs.  PR 25520.  [Jeff Trawick]

    *) Fix mod_include's expression parser to recognize strings correctly
       even if they start with an escaped token.  [André Malo]

    *) Add fatal exception hook for use by diagnostic modules.  The hook
       is only available if the --enable-exception-hook configure parm
       is used and the EnableExceptionHook directive has been set to
       "on".  [Jeff Trawick]

    *) Allow mod_auth_digest to work with sub-requests with different
       methods than the original request.  PR 25040.
       [Josh Dady <jpd indecisive.com>]

    *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
       argumentless containers.
       ["Philippe M. Chiasson" <gozer cpan.org>]

    *) mod_auth_ldap: Fix some segfaults in the cache logic.  PR 18756.
       [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]

    *) mod_cgid: Restart the cgid daemon if it crashes.  PR 19849
       [Glenn Nielsen <glenn apache.org>]

    *) The whole codebase was relicensed and is now available under
       the Apache License, Version 2.0 (http://www.apache.org/licenses).
       [Apache Software Foundation]

    *) Fixed cache-removal order in mod_mem_cache.
       [Jean-Jacques Clar, Cliff Woolley]

    *) mod_setenvif: Fix the regex optimizer, which under circumstances
       treated the supplied regex as literal string. PR 24219.
       [André Malo]

    *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
       instead of mmn. [André Malo]

    *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
       could lead to a 400 (Bad Request) response.  [André Malo]

    *) Keep focus of ITERATE and ITERATE2 on the current module when
       the module chooses to return DECLINE_CMD for the directive.
       PR 22299.  [Geoffrey Young <geoff apache.org>]

    *) Add support for IMT minor-type wildcards (e.g., text/*) to
       ExpiresByType.  PR#7991  [Ken Coar]

    *) Fix segfault in mod_mem_cache cache_insert() due to cache size
       becoming negative.  PR: 21285, 21287
       [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]

    *) core.c: If large file support is enabled, allow any file that is
       greater than AP_MAX_SENDFILE to be split into multiple buckets.
       This allows Apache to send files that are greater than 2gig.
       Otherwise we run into 32/64 bit type mismatches in the file size.
       [Brad Nicholes]

    *) proxy_http fix: mod_proxy hangs when both KeepAlive and
       ProxyErrorOverride are enabled, and a non-200 response without a
       body is generated by the backend server. (e.g.: a client makes a
       request containing the "If-Modified-Since" and "If-None-Match"
       headers, to which the backend server respond with status 304.)
       [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]

    *) mod_dav: Reject requests which include an unescaped fragment in the
       Request-URI.  PR 21779.  [Amit Athavale <amit_athavale lycos.com>]

    *) Build array of allowed methods with proper dimensions, fixing
       possible memory corruption.  [Jeff Trawick]

    *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
       PR 15057.  [Otmar Lendl <lendl nic.at>]

    *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
       [Joe Orton]

    *) mod_usertrack no longer inspects the Cookie2 header for
       the cookie name. PR 11475.  [Chris Darrochi <chrisd pearsoncmg.com>]

    *) mod_usertrack no longer overwrites other cookies.
       PR 26002.  [Scott Moore <apache nopdesign.com>]

    *) worker MPM: fix stack overlay bug that could cause the parent
       process to crash.  [Jeff Trawick]

    *) Win32: Add Win32DisableAcceptEx directive. This Windows
       NT/2000/XP directive is useful to work around bugs in some
       third party layered service providers like virus scanners,
       VPN and firewall products, that do not properly handle
       WinSock 2 APIs.  Use this directive if your server is issuing
       AcceptEx failed messages.
       [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]

    *) Make REMOTE_PORT variable available in mod_rewrite.
       PR 25772.  [André Malo]

    *) Fix a long delay with CGI requests and keepalive connections on
       AIX.  [Jeff Trawick]

    *) mod_autoindex: Add 'XHTML' option in order to allow switching between
       HTML 3.2 and XHTML 1.0 output. PR 23747.  [André Malo]

    *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
       [André Malo]

    *) mod_ssl: Advertise SSL library version as determined at run-time rather
       than at compile-time.  PR 23956.  [Eric Seidel <seidel apple.com>]

    *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
       format code is used.  PR 22741.  [Gary E. Miller <gem rellim.com>]

    *) Fix build with parallel make.  PR 24643.  [Joe Orton]

    *) mod_rewrite: In external rewrite maps lookup keys containing
       a newline now cause a lookup failure. PR 14453.
       [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]

    *) Backport major overhaul of mod_include's filter parser from 2.1.
       The new parser code is expected to be more robust and should
       catch all of the edge cases that were not handled by the previous one.
       The 2.1 external API changes were hidden by a wrapper which is
       expected to keep the API backwards compatible.  [André Malo]

    *) Add a hook (insert_error_filter) to allow filters to re-insert
       themselves during processing of error responses. Enable mod_expires
       to use the new hook to include Expires headers in valid error
       responses. This addresses an RFC violation. It fixes PRs 19794,
       24884, and 25123. [Paul J. Reder]

    *) Add Polish translation of error messages.  PR 25101.
       [Tomasz Kepczynski <tomek jot23.org>]

    *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
       supported for BeOS or OS/2 MPMs.)  [Jeff Trawick, Brad Nicholes,
       Bill Stoddard]

    *) Add mod_status hook to allow modules to add to the mod_status
       report.  [Joe Orton]

    *) Fix htdbm to generate comment fields in DBM files correctly.
       [Justin Erenkrantz]

    *) mod_dav: Use bucket brigades when reading PUT data. This avoids
       problems if the data stream is modified by an input filter. PR 22104.
       [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]

    *) Fix RewriteBase directive to not add double slashes.  [André Malo]

    *) Improve 'configure --help' output for some modules.  [Astrid Keßler]

    *) Correct UseCanonicalName Off to properly check incoming port number.
       [Jim Jagielski]

    *) Fix slow graceful restarts with prefork MPM.  [Joe Orton]

    *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
       if any property values were set which defined namespaces these
       came out mangled in the PROPFIND response.  PR 11637.
       [Amit Athavale <amit_athavale persistent.co.in>]

    *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
       the destination resource gives a 401.  PR 15571.  [Joe Orton]

    *) mod_autoindex / core: Don't fail to show filenames containing
       special characters like '%'. PR 13598.  [André Malo]

    *) mod_status: Report total CPU time accurately when using a threaded
       MPM.  PR 23795.  [Jeff Trawick]

    *) Fix memory leak in handling of request bodies during reverse
       proxy operations.  PR 24991. [Larry Toppi <larry.toppi citrix.com>]

    *) Win32 MPM: Implement MaxMemFree to enable setting an upper
       limit on the amount of storage used by the bucket brigades
       in each server thread. [Bill Stoddard]

    *) Modified the cache code to be header-location agnostic. Also
       fixed a number of other cache code bugs related to PR 15852.
       Includes a patch submitted by Sushma Rai <rsushma novell.com>.
       This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
       closing the PR since that is what they are using. [Paul J. Reder]

    *) complain via error_log when mod_include's INCLUDES filter is
       enabled, but the relevant Options flag allowing the filter to run
       for the specific resource wasn't set, so that the filter won't
       silently get skipped. next remove itself, so the warning will be
       logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]

    *) mod_info: HTML escape configuration information so it displays
       correctly. PR 24232. [Thom May]

    *) Restore the ability to add a description for directories that
       don't contain an index file.  (Broken in 2.0.48) [André Malo]

    *) Fix a problem with the display of empty variables ("SetEnv foo") in
       mod_include.  PR 24734  [Markus Julen <mj zermatt.net>]

    *) mod_log_config: Log the minutes component of the timezone correctly.
       PR 23642.  [Hong-Gunn Chew <hgbug gunnet.org>]

    *) mod_proxy: Fix cases where an invalid status-line could be sent
       to the client.  PR 23998.  [Joe Orton]

    *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
       are also loaded.  [Joe Orton]

    *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
       thread-safe interface for retrieving error strings.  [Joe Orton]

    *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
       avoid reporting an Internal Server error if it is used without
       having been set in the httpd.conf file. PR: 23748, 24459
       [Andre Malo, Liam Quinn  <liam htmlhelp.com>]

    *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
       option is set. PR 21668.  [Jesse Tie-Ten-Quee <highos highos.com>]

    *) mod_include no longer allows an ETag header on 304 responses.
       PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]

    *) EBCDIC: Convert header fields to ASCII before sending (broken
       since 2.0.44). [Martin Kraemer]

    *) Fix the inability to log errors like exec failure in
       mod_ext_filter/mod_cgi script children.  This was broken after
       such children stopped inheriting the error log handle.
       [Jeff Trawick]

    *) Fix mod_info to use the real config file name, not the default
       config file name.  [Aryeh Katz <aryeh secured-services.com>]

    *) Set the scoreboard state to indicate logging prior to running
       logging hooks so that server-status will show 'L' for hung loggers
       instead of 'W'.  [Jeff Trawick]
    

- Vulnerability Information

4382
Apache HTTP Server Log Entry Terminal Escape Sequence Injection
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

Apache HTTP Server contains a flaw that may allow a malicious user to inject terminal escape sequences into Apache's error log. The issue is triggered when Apache fails to strip the escape sequences. If an administrator views the log files using certain terminal applications it may execute the escape sequences with the privileges of the administrator.
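
The remedy for this flaw is to escape untrusted bytes before they reach the log, and to check existing logs for raw control bytes before viewing them in a terminal. The C sketch below is an added example, not Apache's own code: `log_escape`, `count_unsafe_lines` and the sample strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a client-supplied fragment carrying an SGR colour
 * sequence (ESC [ 31 m), a backslash and a newline. */
static const unsigned char SAMPLE_MSG[] = "a\x1b[31mb\\c\n";

/* Constructed sample log: three lines, the second holds a raw ESC byte. */
static const unsigned char SAMPLE_LOG[] =
    "[error] File does not exist: /var/www/index\n"
    "[error] File does not exist: /var/www/\x1b[31m" "x\n"
    "[error] value with\ttab\n";

/* Escape one untrusted string for a line-oriented log.
 * Printable ASCII (except backslash) is copied unchanged; backslash, newline,
 * carriage return and tab get C-style escapes; every other byte, including
 * ESC (0x1b), DEL and all bytes >= 0x80 (which covers the 8-bit C1 controls
 * such as CSI 0x9b), is written as \xHH. Escaping the backslash itself keeps
 * the output unambiguous: a client cannot forge text that looks escaped.
 * Returns the number of bytes written, excluding the terminating NUL, or
 * (size_t)-1 when dst is too small; dst is then not a valid result. */
size_t log_escape(char *dst, size_t dstlen,
                  const unsigned char *src, size_t srclen)
{
    static const char hex[] = "0123456789abcdef";
    size_t out = 0;

    if (dstlen == 0)
        return (size_t)-1;

    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = src[i];
        char buf[4];
        size_t n;

        switch (c) {
        case '\\': buf[0] = '\\'; buf[1] = '\\'; n = 2; break;
        case '\n': buf[0] = '\\'; buf[1] = 'n';  n = 2; break;
        case '\r': buf[0] = '\\'; buf[1] = 'r';  n = 2; break;
        case '\t': buf[0] = '\\'; buf[1] = 't';  n = 2; break;
        default:
            if (c >= 0x20 && c < 0x7f) {
                buf[0] = (char)c;
                n = 1;
            } else {
                buf[0] = '\\';
                buf[1] = 'x';
                buf[2] = hex[c >> 4];
                buf[3] = hex[c & 0x0f];
                n = 4;
            }
        }
        /* Need room for n bytes plus the terminating NUL. */
        if (out + n >= dstlen)
            return (size_t)-1;
        memcpy(dst + out, buf, n);
        out += n;
    }
    dst[out] = '\0';
    return out;
}

/* Audit an existing log buffer: count the lines that contain a raw C0
 * control byte (other than tab) or DEL. Such lines should be viewed through
 * a filter rather than sent straight to a terminal. Bytes >= 0x80 are not
 * flagged here so that UTF-8 text does not produce false positives. */
size_t count_unsafe_lines(const unsigned char *log, size_t len)
{
    size_t flagged = 0;
    int dirty = 0;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = log[i];
        if (c == '\n') {
            flagged += (size_t)dirty;
            dirty = 0;
        } else if ((c < 0x20 && c != '\t') || c == 0x7f) {
            dirty = 1;
        }
    }
    return flagged + (size_t)dirty; /* count an unterminated last line too */
}

int main(void)
{
    char out[64];
    size_t n = log_escape(out, sizeof out, SAMPLE_MSG, sizeof SAMPLE_MSG - 1);

    if (n != (size_t)-1)
        printf("escaped (%zu bytes): %s\n", n, out);
    printf("lines with raw control bytes: %zu\n",
           count_unsafe_lines(SAMPLE_LOG, sizeof SAMPLE_LOG - 1));
    return 0;
}
```
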

- Timeline

2003-02-24 Unknown
Unknown Unknown

- Solution

Upgrade to Apache version 1.3.31 or 2.0.49 or newer, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Apache Error Log Escape Sequence Injection Vulnerability
Input Validation Error 9930
Yes No
2004-03-20 12:00:00 2010-02-17 08:32:00
The individual responsible for the disclosure of this issue is currently not known.

- Affected Versions

Turbolinux Turbolinux Desktop 10.0
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD -current
HP Webproxy A.02.10
+ HP HP-UX B.11.04
HP Webproxy A.02.00
+ HP HP-UX B.11.04
HP VirtualVault A.04.70
+ HP HP-UX B.11.04
HP VirtualVault A.04.60
+ HP HP-UX B.11.04
HP VirtualVault A.04.50
+ HP HP-UX B.11.04
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.3
Apple Mac OS X 10.2.8
Apache Software Foundation Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.3.4
+ Apple Mac OS X Server 10.3.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Apache Software Foundation Apache 2.0.46
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.45
- Apple Mac OS X 10.2.6
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
+ Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28 Beta
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+ Conectiva Linux 8.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
+ OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
+ OpenBSD OpenBSD 3.1
+ Oracle Oracle HTTP Server 9.2 .0
+ Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle9i Application Server 9.0.2
+ Oracle Oracle9i Application Server 1.0.2 .2
+ Oracle Oracle9i Application Server 1.0.2 .1s
+ Oracle Oracle9i Application Server 1.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Software Foundation Apache 1.3.23
- IBM AIX 4.3
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.22
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
Apache Software Foundation Apache 1.3.20
- HP HP-UX 11.22
- HP HP-UX 11.20
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ SGI IRIX 6.5.18
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
+ Sun Solaris 9_x86 Update 2
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun SunOS 5.9 _x86
+ Sun SunOS 5.9
Apache Software Foundation Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.20
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
+ Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 3.0
- RedHat Linux 7.1
- RedHat Linux 7.0
- RedHat Linux 6.2
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.9
- SGI IRIX 6.5.8
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun SunOS 5.8 _x86
+ Sun SunOS 5.8
Apache Software Foundation Apache 1.3.7 -dev
Apache Software Foundation Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Software Foundation Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0

- Unaffected Versions

Posadis Posadis 1.3.31
Apache Software Foundation Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current

- Discussion

Apache webserver is prone to a vulnerability that may allow remote attackers to inject escape sequences into Apache log files. This may facilitate exploitation of issues such as those found in BIDs 6936 and 6938.

Successful exploits may allow attackers to create arbitrary files and execute code on the affected system.

- Exploit

No exploit is required to inject escape sequences into Apache error logs.

- Solution

The vendor has released an upgrade. Please see the references for details.


