Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 1.3.0 (including) | 1.3.31 (excluding) |
Http_server | Apache | 2.0.0 (including) | 2.0.49 (excluding) |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
Red Hat Linux 7.1 | RedHat | * | |
Red Hat Linux 7.2 | RedHat | * | |
Red Hat Linux 7.3 | RedHat | * | |
Red Hat Linux 8.0 | RedHat | * | |
Red Hat Linux 9 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
Red Hat Stronghold 3 | RedHat | * | |
Red Hat Stronghold 4 | RedHat | * | |
Stronghold 4 for Red Hat Enterprise Linux | RedHat | * | |
Apache | Ubuntu | dapper | * |
Apache | Ubuntu | edgy | * |
Apache | Ubuntu | feisty | * |