Vulnerabilities > CVE-2001-1556 - Remote Security vulnerability in Apache

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

apache

NVD

Published: 2001-12-31

Updated: 2008-09-05

Summary

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Http Server *	1

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	This is a duplicate CVE name and is a combination of CVE-2003-0020 and CVE-2003-0083.

References

http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
http://httpd.apache.org/docs/logs.html
http://www.iss.net/security_center/static/7363.php