Summary
The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators.
***** OVS has determined the vulnerability exists only by looking at ***** the Server header returned by the web server running on the target.
Solution
Upgrade to Apache version 1.3.31 or 2.0.49 or newer.
Severity
Classification
-
CVE CVE-2003-0020 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
- Asterisk Missing ACL Check Remote Security Bypass Vulnerability
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)