Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 1.3.0 (including) | 1.3.26 (excluding) |
Http_server | Apache | 2.0.0 (including) | 2.0.46 (excluding) |
Red Hat Linux 8.0 | RedHat | * | |
Red Hat Linux 9 | RedHat | * | |
Red Hat Stronghold 3 | RedHat | * | |
Red Hat Stronghold 4 | RedHat | * | |
Stronghold 4 for Red Hat Enterprise Linux | RedHat | * |