Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2003-0083 | First vendor Publication | 2003-04-02 |
| Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-15 | Command Delimiters |
| CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
| CAPEC-81 | Web Logs Tampering |
| CAPEC-93 | Log Injection-Tampering-Forging |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:151 | |||
| Oval ID: | oval:org.mitre.oval:def:151 | ||
| Title: | Apache Terminal Escape Sequence Vulnerability II | ||
| Description: | Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2003-0083 | Version: | 4 |
| Platform(s): | Red Hat Linux 9 | Product(s): | Apache |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-10-26 | jetty 6.x - 7.x xss, information disclosure, injection |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 9711 | Apache HTTP Server Access Log Terminal Escape Sequence Injection |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-050.nasl - Type : ACT_GATHER_INFO |
| 2003-03-17 | Name : The remote web server is affected by an information disclosure vulnerability. File : apache_2_0_42.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2023-11-07 21:48:11 |
|
| 2023-08-12 12:02:36 |
|
| 2023-08-12 01:01:17 |
|
| 2023-08-11 12:02:13 |
|
| 2023-08-11 01:01:19 |
|
| 2023-08-06 12:02:03 |
|
| 2023-08-06 01:01:18 |
|
| 2023-08-04 12:02:06 |
|
| 2023-08-04 01:01:18 |
|
| 2023-07-14 12:02:05 |
|
| 2023-07-14 01:01:19 |
|
| 2023-03-29 01:02:03 |
|
| 2023-03-28 12:01:23 |
|
| 2021-07-16 00:23:11 |
|
| 2021-06-25 01:01:24 |
|
| 2021-06-06 17:23:05 |
|
| 2021-06-03 13:23:14 |
|
| 2021-05-04 12:02:09 |
|
| 2021-04-22 01:02:22 |
|
| 2021-03-30 17:22:45 |
|
| 2020-10-14 21:22:52 |
|
| 2020-05-23 00:15:20 |
|
| 2019-08-20 12:00:45 |
|
| 2017-10-11 09:23:16 |
|
| 2016-10-18 12:01:09 |
|
| 2016-04-26 12:30:05 |
|
| 2014-02-17 10:25:48 |
|
| 2013-05-11 11:50:28 |
|
