Description
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
References (3)
Core 3
Core References
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/7363.php
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/docs/logs.html
Broken Link mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
Scores
EPSS
0.0177
EPSS Percentile
82.7%
Details
CWE
CWE-532
Status
published
Products (1)
apache/http_server
1.3.0 - 1.3.31
Published
Dec 31, 2001
Tracked Since
Feb 18, 2026