CVE-2001-1556
Apache HTTP Server 1.3.0-1.3.30 - Log Injection via Control Characters
Title source: llmDescription
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
References (3)
Core 3
Core References
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/7363.php
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/docs/logs.html
Broken Link mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
Scores
EPSS
0.0356
EPSS Percentile
87.9%
Details
CWE
CWE-532
Status
published
Products (1)
apache/http_server
1.3.0 - 1.3.31
Published
Dec 31, 2001
Tracked Since
Feb 18, 2026