Vulnerabilities > CVE-2003-0083 - Unspecified vulnerability in Apache Http Server
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
apache
nessus
Summary
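Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. Note that the Apache statement further down this page gives the fixed releases as 2.0.46 and 1.3.26, so the 1.3 boundary differs between the two sources. The exposure arises when someone views the raw log in a terminal; log lines written before the upgrade can still hold raw escape bytes, so read them with a viewer that prints control characters visibly (for example `cat -v`).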
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2003-050.NASL
description A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart
last seen 2020-06-01
modified 2020-06-02
plugin id 14034
published 2004-07-31
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14034
title Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:050.
# The text itself is copyright (C) Mandriva S.A.
#
# Purpose: local (credentialed) check. It compares the apache2 packages in the
# host's collected RPM list against the 2.0.45-4.2mdk builds named below and
# raises a warning if any rpm_check() call returns true.
# It is a package-version check and does not look at log contents.

include("compat.inc");

# Metadata pass: when the scanner loads the plugin with `description` set,
# only the script_* registration calls run and the plugin exits.
if (description)
{
  script_id(14034);
  script_version ("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  # One advisory, three CVEs; CVE-2003-0083 is the access-log escape-sequence issue.
  script_cve_id("CVE-2003-0020", "CVE-2003-0083", "CVE-2003-0132");
  script_xref(name:"MDKSA", value:"2003:050");

  script_name(english:"Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which could make it easy for an attacker to insert those sequences into the error and access logs, which could possibly be viewed by certain terminal emulators with vulnerabilities related to escape sequences. After upgrading these packages, be sure to restart the httpd server by executing : service httpd restart"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  # Packages the advisory covers, plus the one OS release it applies to.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_dav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-mod_ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache2-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The KB keys required here are the same ones read back below.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: bail out with an audit message unless local checks are on and
# the Mandrake release and RPM list were collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# NOTE(review): "Mandake" in the message below is a typo for "Mandrake"; it is a
# runtime string, so it is left exactly as published.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86-family architectures are handled; anything else is reported as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


# flag counts the rpm_check() calls that return true.
# NOTE(review): presumably "true" means the installed package is older than the
# reference build; rpm_check() lives in rpm.inc, which is not shown here.
# NOTE(review): every call names cpu:"i386" although amd64/x86_64 hosts pass the
# gate above; how rpm_check() treats those hosts cannot be told from this listing.
# NOTE(review): the reference build is 2.0.45-4.2mdk, while the CVE-2003-0083 summary
# on this page gives 2.0.46 as the upstream fix; presumably the distribution
# backported the patch, so judge by package release, not by the server banner.
flag = 0;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-common-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-devel-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-manual-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_dav-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ldap-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-mod_ssl-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-modules-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"apache2-source-2.0.45-4.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libapr0-2.0.45-4.2mdk", yank:"mdk")) flag++;


# Any hit produces one warning on port 0; the package detail from
# rpm_report_get() is attached only when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Web Servers
NASL id APACHE_2_0_42.NASL
description The remote host appears to be running a version of Apache 2.0.x prior to 2.0.43. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this vulnerability by making a POST request to files in a folder with both WebDAV and CGI enabled. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive.
last seen 2020-06-01
modified 2020-06-02
plugin id 11408
published 2003-03-17
reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/11408
title Apache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)
code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: remote, version-only check. It reads the Apache version that an
# earlier plugin stored in the KB and warns when it is a 2.0.x release below
# 2.0.43. No request is sent to test the flaw itself.
#
# NOTE(review): script_cve_id() lists CVE-2003-0083, but the synopsis and
# description only describe the WebDAV/CGI POST information disclosure; the log
# issue appears in the script name alone ("Log Injection").
# NOTE(review): the fixed version used here is 2.0.43, while the CVE-2003-0083
# summary and the Apache statement on this page give 2.0.46 for the 2.0 branch.
# As written, a host reporting 2.0.43-2.0.45 is audited as not vulnerable, so a
# clean result from this plugin does not settle CVE-2003-0083 for those versions.

include("compat.inc");

# Metadata pass: registration calls only, then exit.
if(description)
{
 script_id(11408);
 script_cvs_date("Date: 2018/06/29 12:01:03");

 script_bugtraq_id(6065);
 script_cve_id("CVE-2002-1156", "CVE-2003-0083");
 script_version("1.31");

 script_name(english:"Apache 2.0.x < 2.0.43 Multiple Vulnerabilities (Log Injection, Source Disc.)");
 script_summary(english:"Checks for version of Apache");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an information disclosure vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote host appears to be running a version of Apache 2.0.x prior to 2.0.43. It is, therefore, affected by an information disclosure vulnerability. An attacker can exploit this vulnerability by making a POST request to files in a folder with both WebDAV and CGI enabled. *** Note that Nessus solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive."
 );
 script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.0" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Apache web server version 2.0.43 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/17");
 script_set_attribute(attribute:"vuln_publication_date", value: "2002/05/21");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");
 # Spelled script_dependencie (singular) as published; the other plugin on this
 # page uses script_dependencies.
 script_dependencie("apache_http_version.nasl");
 script_require_keys("installed_sw/Apache");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("audit.inc");
include("install_func.inc");

# Stop early when no Apache install was recorded; otherwise pick the port and install.
get_install_count(app_name:"Apache", exit_if_zero:TRUE);
port = get_http_port(default:80);
install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);

# Check if we could get a version first, then check if it was
# backported
version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);

# A banner flagged as backported is only evaluated when report_paranoia is 2 or
# higher, because the version string alone then says nothing about patch level.
if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);

# Check if the version looks like either ServerTokens Major/Minor
# was used
if (version =~ '^2(\\.0)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
# Reject anything that is not a dotted numeric version before comparing.
if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
# Only the 2.0 branch is in scope; ver_compare() returning -1 is treated as
# "older than 2.0.43".
if (version =~ '^2\\.0' && ver_compare(ver:version, fix:'2.0.43') == -1)
{
  if (report_verbosity > 0)
  {
    report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 2.0.43\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
# The comparison above uses the KB `version`; the audit message reports
# install["version"] from get_single_install().
else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
Oval
accepted | 2010-09-20T04:00:14.074-04:00
class | vulnerability
contributors |
description | Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
family | unix
id | oval:org.mitre.oval:def:151
status | accepted
submitted | 2003-08-17T12:00:00.000-04:00
title | Apache Terminal Escape Sequence Vulnerability II
version | 40
Packetstorm
data source https://packetstormsecurity.com/files/download/85018/log-inject.txt id PACKETSTORM:85018 last seen 2016-12-05 published 2010-01-11 reporter Francesco Ongaro source https://packetstormsecurity.com/files/85018/Nginx-Varnish-Cherokee-etc-Log-Injection.html title Nginx, Varnish, Cherokee, etc Log Injection data source https://packetstormsecurity.com/files/download/82197/jetty-xssdisclose.txt id PACKETSTORM:82197 last seen 2016-12-05 published 2009-10-26 reporter Francesco Ongaro source https://packetstormsecurity.com/files/82197/Jetty-6.x-7.x-Information-Disclosure-XSS.html title Jetty 6.x / 7.x Information Disclosure / XSS
Redhat
advisories |
|
Seebug
bulletinFamily exploit description CVE(CAN) ID: CVE-2003-0083 Apache是一款广泛使用的开放源代码WEB服务程序。 Apache对日志中的转义序列处理存在问题,攻击者可能利用恶意的日志信息在服务器执行任意命令。 Apache无法过滤错误日志中以ASCII(0x1B)序列开始且带有一系列参数的终端转义序列。如果攻击者能够向Apache错误日志中注入转义序列的话,就可能对远程用户发动各种攻击,包括拒绝服务,文件修改和执行任意命令。 Apache Group Apache 1.3.9 Apache Group Apache 1.3.6 Apache Group Apache 1.3.4 Apache Group Apache 1.3.3 Apache Group Apache 1.3.24 Apache Group Apache 1.3.22 Apache Group Apache 1.3.20 Apache Group Apache 1.3.2 Apache Group Apache 1.3.19 Apache Group Apache 1.3.17 Apache Group Apache 1.3.14 Apache Group Apache 1.3.12 Apache Group Apache 1.3.11 Apache Group Apache 1.3.1 Apache Group Apache 1.3.0 Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.apache.org target=_blank>http://www.apache.org</a> id SSV:4148 last seen 2017-11-19 modified 2008-10-05 published 2008-10-05 reporter Root title Apache终端转义序列过滤漏洞 bulletinFamily exploit description No description provided by source. id SSV:17994 last seen 2017-11-19 modified 2009-10-26 published 2009-10-26 reporter Root source https://www.seebug.org/vuldb/ssvid-17994 title jetty 6.x - 7.x xss information disclosure injection bulletinFamily exploit description No description provided by source. id SSV:14432 last seen 2017-11-19 modified 2009-10-26 published 2009-10-26 reporter Root source https://www.seebug.org/vuldb/ssvid-14432 title jetty 6.x - 7.x xss information disclosure injection bulletinFamily exploit description No description provided by source. id SSV:66957 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-66957 title jetty 6.x - 7.x xss, information disclosure, injection
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 2.0.46 and 1.3.26: http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html |
References
- http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25
- http://www.redhat.com/support/errata/RHSA-2003-139.html
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH
- http://secunia.com/advisories/8146
- http://marc.info/?l=bugtraq&m=108034113406858&w=2
- http://marc.info/?l=bugtraq&m=108024081011678&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A151
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E