Vulnerabilities > CVE-2003-0083 - Unspecified vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus

Summary

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

Vulnerable Configurations

Part Description Count
Application
Apache
75

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-050.NASL
    descriptionA memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart
    last seen2020-06-01
    modified2020-06-02
    plugin id14034
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14034
    titleMandrake Linux Security Advisory : apache2 (MDKSA-2003:050)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:050. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Description mode: register this plugin's metadata, then exit before any
    # package check runs.
    if (description)
    {
      script_id(14034);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      # One package check stands for all three CVEs; the finding raised later in
      # this script does not say which of them applies to the host.
      script_cve_id("CVE-2003-0020", "CVE-2003-0083", "CVE-2003-0132");
      script_xref(name:"MDKSA", value:"2003:050");
    
      script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A memory leak was discovered in Apache 2.0 through 2.0.44 that can
    allow a remote attacker to cause a significant denial of service (DoS)
    by sending requests containing a lot of linefeed characters to the
    server.
    
    As well, Apache does not filter terminal escape sequences from its log
    files, which could make it easy for an attacker to insert those
    sequences into the error and access logs, which could possibly be
    viewed by certain terminal emulators with vulnerabilities related to
    escape sequences.
    
    After upgrading these packages, be sure to restart the httpd server by
    executing :
    
    service httpd restart"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): this vector scores a partial integrity impact only (I:P, A:N),
      # while the description above also reports a denial of service. Confirm which
      # of the three CVEs the score is meant to represent before using it for triage.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
    
      # "local": the result is derived from the host's package data (see the
      # Host/Mandrake/rpm-list key required below), not from probing the web server.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/04/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check needs the KB entries listed below. ssh_get_info.nasl is the declared
      # dependency (presumably the plugin that fills them; confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
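    # Preconditions for the package check. Each failed precondition is reported
    # through audit(), which is defined in audit.inc (not shown here); the code
    # below relies on audit() ending the script, as the cpu test after the isnull()
    # guard shows.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The product name in this message now matches the spelling used in the
    # architecture audit below ("Mandrake").
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    # Without a collected package list there is nothing to compare, so the host
    # is audited out rather than reported as patched.
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only the architectures matched by the pattern below are checked; any other
    # value is audited as "local checks not implemented", not as "not affected".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);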
    
    
    # Compare every package named in MDKSA-2003:050 against the fixed build
    # 2.0.45-4.2mdk for Mandrake 9.1. Each true result from rpm_check() (defined
    # in rpm.inc, not shown) counts toward the finding.
    #
    # NOTE(review): the reference build is a distribution package numbered below
    # the upstream 2.0.46 release; presumably the fixes were backported, which is
    # why this check reads package data instead of a server banner. Confirm against
    # the advisory.
    #
    # A clean result only covers the packages on disk. The advisory text also asks
    # for "service httpd restart" after the upgrade, and nothing here looks at the
    # running httpd process.
    flag = 0;
    foreach pkg (make_list(
      "apache2",
      "apache2-common",
      "apache2-devel",
      "apache2-manual",
      "apache2-mod_dav",
      "apache2-mod_ldap",
      "apache2-mod_ssl",
      "apache2-modules",
      "apache2-source",
      "libapr0"))
    {
      ref = pkg + "-2.0.45-4.2mdk";
      if (rpm_check(release:"MDK9.1", cpu:"i386", reference:ref, yank:"mdk")) flag++;
    }
    
    # No package was flagged: audit the host as not affected. As with the earlier
    # audit() guards in this script, this relies on audit() ending the script.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    
    # At least one package was flagged. The rpm report text is attached only when
    # verbosity is above zero.
    if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
    else security_warning(0);
    exit(0);
    
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_42.NASL
    descriptionThe remote host appears to be running a version of Apache 2.0.x prior to 2.0.43. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this vulnerability by making a POST request to files in a folder with both WebDAV and CGI enabled. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive.
    last seen2020-06-01
    modified2020-06-02
    plugin id11408
    published2003-03-17
    reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/11408
    titleApache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Description mode: register this plugin's metadata, then exit before any
    # version check runs.
    if(description)
    {
     script_id(11408);
     script_cvs_date("Date: 2018/06/29 12:01:03");
    
     script_bugtraq_id(6065);
     # NOTE(review): CVE-2003-0083 is listed here, but the description text below
     # covers only the WebDAV/CGI disclosure, and the fixed version given by this
     # plugin is 2.0.43. The CVE summary on this page names "Apache 2.0 before
     # version 2.0.46" for CVE-2003-0083. Confirm the mapping before treating a
     # clean result from this plugin as coverage for that CVE.
     script_cve_id("CVE-2002-1156", "CVE-2003-0083");
    
     script_version("1.31");
     
     script_name(english:"Apache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)");
     script_summary(english:"Checks for version of Apache");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by an information disclosure
    vulnerability.");
     script_set_attribute(attribute:"description", value:
    "The remote host appears to be running a version of Apache 2.0.x prior
    to 2.0.43. It is, therefore, affected by an information disclosure
    vulnerability. An attacker can exploit this vulnerability by making a
    POST request to files in a folder with both WebDAV and CGI enabled. 
    
    *** Note that Nessus solely relied on the version number
    *** of the remote server to issue this warning. This might
    *** be a false positive." );
     script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.0" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache web server version 2.0.43 or later.");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
     script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/17");
     script_set_attribute(attribute:"vuln_publication_date", value: "2002/05/21");
    # "remote": as the description text states, the result rests solely on the
    # version number the server reports, so treat it as an indicator to verify.
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
    script_end_attributes();
    
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
     script_family(english:"Web Servers");
     # The version data is expected in the KB under installed_sw/Apache;
     # apache_http_version.nasl is the declared dependency.
     script_dependencie("apache_http_version.nasl");
     script_require_keys("installed_sw/Apache");
     script_require_ports("Services/www", 80);
     exit(0);
    }
    
    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("install_func.inc");
    
    # Locate the Apache install recorded for this port. The exit_if_* arguments
    # ask the helpers to stop the script when no install or no version is known.
    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);
    
    # Per-port KB entries written by the version-detection plugin.
    kb_prefix = 'www/apache/' + port + '/';
    version = get_kb_item_or_exit(kb_prefix + 'version', exit_code:1);
    backported = get_kb_item_or_exit(kb_prefix + 'backported', exit_code:1);
    
    # A banner marked as backported does not reveal the real patch level, so the
    # port is audited out unless report_paranoia is 2 or higher.
    if (backported && report_paranoia < 2) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
    source = get_kb_item_or_exit(kb_prefix + 'source', exit_code:1);
    
    # A banner of just "2" or "2.0" (ServerTokens Major/Minor) cannot be compared
    # against a three-part fixed version.
    if (version =~ '^2(\\.0)?$')
    {
      exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
    }
    
    # Anything other than dot-separated digits is rejected before ver_compare().
    if (version !~ "^\d+(\.\d+)*$")
    {
      exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
    }
    
    # NOTE(review): the only threshold used here is 2.0.43. The CVE summary on this
    # page names 2.0.46 as the first unaffected 2.0 release for CVE-2003-0083, so
    # a 2.0.43-2.0.45 banner is audited as not vulnerable by this plugin. Confirm
    # before using this result for that CVE.
    #
    # Not a 2.0.x banner, or not below the fixed version: audit as not vulnerable.
    # As with the backport guard above, this relies on audit() ending the script.
    if (version !~ '^2\\.0' || ver_compare(ver:version, fix:'2.0.43') != -1)
      audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
    
    # Vulnerable by version number alone. The evidence block is attached only
    # when verbosity is above zero.
    if (report_verbosity > 0)
    {
      report = 
        '\n  Version source    : ' + source +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 2.0.43\n';
      security_warning(port:port, extra:report);
    }
    else security_warning(port);
    exit(0);
    

Oval

accepted2010-09-20T04:00:14.074-04:00
classvulnerability
contributors
  • nameJay Beale
    organizationBastille Linux
  • nameJay Beale
    organizationBastille Linux
  • nameThomas R. Jones
    organizationMaitreya Security
  • nameJonathan Baker
    organizationThe MITRE Corporation
descriptionApache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
familyunix
idoval:org.mitre.oval:def:151
statusaccepted
submitted2003-08-17T12:00:00.000-04:00
titleApache Terminal Escape Sequence Vulnerability II
version40

Packetstorm

Redhat

advisories
rhsa
idRHSA-2003:139

Seebug

  • bulletinFamilyexploit
    descriptionCVE(CAN) ID: CVE-2003-0083 Apache是一款广泛使用的开放源代码WEB服务程序。 Apache对日志中的转义序列处理存在问题,攻击者可能利用恶意的日志信息在服务器执行任意命令。 Apache无法过滤错误日志中以ASCII(0x1B)序列开始且带有一系列参数的终端转义序列。如果攻击者能够向Apache错误日志中注入转义序列的话,就可能对远程用户发动各种攻击,包括拒绝服务,文件修改和执行任意命令。 Apache Group Apache 1.3.9 Apache Group Apache 1.3.6 Apache Group Apache 1.3.4 Apache Group Apache 1.3.3 Apache Group Apache 1.3.24 Apache Group Apache 1.3.22 Apache Group Apache 1.3.20 Apache Group Apache 1.3.2 Apache Group Apache 1.3.19 Apache Group Apache 1.3.17 Apache Group Apache 1.3.14 Apache Group Apache 1.3.12 Apache Group Apache 1.3.11 Apache Group Apache 1.3.1 Apache Group Apache 1.3.0 Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apache.org
    idSSV:4148
    last seen2017-11-19
    modified2008-10-05
    published2008-10-05
    reporterRoot
    titleApache终端转义序列过滤漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:17994
    last seen2017-11-19
    modified2009-10-26
    published2009-10-26
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-17994
    titlejetty 6.x - 7.x xss information disclosure injection
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:14432
    last seen2017-11-19
    modified2009-10-26
    published2009-10-26
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-14432
    titlejetty 6.x - 7.x xss information disclosure injection
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:66957
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-66957
    titlejetty 6.x - 7.x xss, information disclosure, injection

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache HTTP Server 2.0.46 and 1.3.26: http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

References