VID 22264
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The Apache web server, according to its banner, is vulnerable to an Escape Sequence Injection vulnerability.
Typically, an escape sequence is a series of characters starting with the ASCII escape character (0x1B) and followed by a specific set of arguments. It is used to control the display features of devices such as printers or monitors. Several versions of the Apache web server could allow attackers to inject escape sequences into Apache log files, because escape sequences are not properly filtered from error logs. This could make it easier for attackers to launch attacks through the many terminal emulator software packages that contain vulnerabilities related to escape sequences. The impact could include denial of service, file modification, data modification, and possibly the execution of arbitrary commands.

* Note: This check relies solely on the banner of the remote web server to assess this vulnerability, so the result might be a false positive.
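The description above concerns raw control bytes reaching a log that is later viewed in a terminal. As an added example (not part of this advisory and not Apache code), the Python filter below shows the defender-side mitigation: it rewrites every control character in a log line as visible `\xNN` notation before the line is displayed, and counts ESC-led sequences so that affected lines can be reported. The function names, the regular expressions and the three sample `error_log` lines are constructed for this illustration.

```python
"""Added example (not from the advisory): neutralise terminal escape
sequences in web-server log lines before they are displayed.

Apache error logs (per the description above) may carry attacker-supplied
bytes including ESC (0x1B). Viewing such a log with a terminal tool lets
those bytes drive the terminal emulator. This filter makes every control
character visible as \\xNN text instead of passing it through.
"""
import re

# ESC, optionally followed by a CSI (ESC [ ... final), an OSC (ESC ] ... BEL/ST)
# or a single Fe byte. Matching whole sequences lets the report say how many a
# line carried; the sanitiser below escapes every control byte regardless of
# whether a sequence is well-formed.
ESC_SEQUENCE = re.compile(
    r"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\)|[@-Z\\-_])?"
)

# Every C0 control character and DEL, except TAB, LF and CR, which log lines
# legitimately contain.
CONTROL_CHAR = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sanitize_line(line: str) -> str:
    """Return `line` (trailing newline removed) with each control character
    rewritten as \\xNN so nothing reaches the terminal as a control byte."""
    return CONTROL_CHAR.sub(
        lambda m: "\\x%02x" % ord(m.group(0)), line.rstrip("\r\n")
    )


def find_escape_sequences(line: str) -> int:
    """Count ESC-led sequences in a raw log line (0 for a clean line)."""
    return len(ESC_SEQUENCE.findall(line))


def scan_log(lines):
    """Yield (line_no, sequence_count, sanitized_line) for each input line."""
    for n, raw in enumerate(lines, 1):
        yield n, find_escape_sequences(raw), sanitize_line(raw)


# Constructed sample: two benign error_log lines and one whose request path
# carries a clear-screen (CSI) and a set-title (OSC) sequence.
SAMPLE_LOG = [
    "[Mon Jan 01 12:00:00 2004] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/html/favicon.ico\n",
    "[Mon Jan 01 12:00:01 2004] [error] [client 192.0.2.11] "
    "File does not exist: /var/www/html/\x1b[2J\x1b]0;title\x07\n",
    "[Mon Jan 01 12:00:02 2004] [notice] caught SIGTERM, shutting down\n",
]

if __name__ == "__main__":
    for n, count, clean in scan_log(SAMPLE_LOG):
        flag = f"  <-- {count} escape sequence(s)" if count else ""
        print(f"{n:4d}: {clean}{flag}")
```

Run it against a real log with `sanitize_line` applied to every line read from the file; the output is safe to page through in any terminal, and the sequence count gives a simple detection signal for log entries that were never meant to contain ESC.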

* References:
http://www.digitaldefense.net/labs/papers/Termulation.txt

* Platforms Affected:
Apache Software Foundation Apache HTTP Server 1.3.x
Apache Software Foundation Apache HTTP Server 2.0.x
Red Hat Linux 7.1, 7.2, 7.3, 8.0, 9
Mandrake Linux 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2
Slackware Linux 8.1, 9.0, 9.1, current
Trustix: Trustix Secure Linux 1.5, 2.0, 2.1
Turbolinux 10 Desktop
Conectiva Linux 8.0, 9.0
IRIX 2.2.1, 2.3
Windows, Linux, Unix : Any version
Recommendation For Apache HTTP Server 1.3.x and 2.0.x:
Upgrade to the latest version of Apache HTTP Server (1.3.31 or later, or 2.0.49 or later), available from the Apache Software Foundation download site at http://httpd.apache.org/download.cgi

For Red Hat Linux 7.x, 8.0 and 9:
Upgrade to the latest apache (httpd) package by referring to Red Hat Security Advisories RHSA-2003:139-07 and RHSA-2003:243-07:
https://rhn.redhat.com/errata/RHSA-2003-243.html
https://rhn.redhat.com/errata/RHSA-2003-139.html

For Trustix Secure Linux 1.5 and 2.x:
Upgrade to the latest apache package by referring to Trustix Secure Linux Security Advisories #2004-0017 and #2004-0027:
http://www.linuxsecurity.com/advisories/trustix_advisory-4174.html
http://www.linuxsecurity.com/advisories/trustix_advisory-4337.html

For Conectiva Linux:
Upgrade to the latest apache package by referring to Conectiva Linux Security Announcement CLSA-2004:839: http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000839

For Slackware Linux:
Upgrade to the latest apache package by referring to the slackware-security mailing list announcement of Wed, 12 May 2004 16:54:58 -0700 (PDT): http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643

For Mandrake Linux:
Upgrade to the latest apache package by referring to MandrakeSoft Security Advisory MDKSA-2004:046: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:046

For Turbolinux:
Upgrade to the latest httpd package by referring to Turbolinux Security Advisory TLSA-2004-11:
http://www.turbolinux.com/security/2004/TLSA-2004-11.txt

For other distributions:
Contact your vendor for upgrade or patch information.
Related URL CVE-2003-0020 (CVE)
Related URL 9930 (SecurityFocus)
Related URL 11412 (ISS)