CVE-2003-0020

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/9930	Third Party Advisory VDB Entry
http://www.iss.net/security_center/static/11412.php	Broken Link
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html	Broken Link
http://security.gentoo.org/glsa/glsa-200405-22.xml	Third Party Advisory
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050	Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2003-082.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2003-083.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2003-104.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2003-139.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2003-243.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2003-244.html	Third Party Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643	Mailing List Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1	Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1	Broken Link
http://www.trustix.org/errata/2004/0017	Broken Link
http://www.trustix.org/errata/2004/0027	Broken Link
http://marc.info/?l=bugtraq&m=104612710031920&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=108369640424244&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=108731648532365&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=108437852004207&w=2	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109	Third Party Advisory
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:http_server::::::::
	cpe:2.3:a:apache:http_server::::::::

Information

Published : 2003-03-17 21:00

Updated : 2021-06-06 04:15

NVD link : CVE-2003-0020

Mitre link : CVE-2003-0020

JSON object : View

CWE

NVD-CWE-Other

Products Affected

apache

http_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/9930", "name": "9930", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/11412.php", "name": "apache-esc-seq-injection(11412)", "tags": ["Broken Link"], "refsource": "XF"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name": "20030224 Terminal Emulator Security Issues", "tags": ["Broken Link"], "refsource": "VULNWATCH"}, {"url": "http://security.gentoo.org/glsa/glsa-200405-22.xml", "name": "GLSA-200405-22", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050", "name": "MDKSA-2003:050", "tags": ["Broken Link"], "refsource": "MANDRAKE"}, {"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046", "name": "MDKSA-2004:046", "tags": ["Third Party Advisory"], "refsource": "MANDRAKE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-082.html", "name": "RHSA-2003:082", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-083.html", "name": "RHSA-2003:083", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-104.html", "name": "RHSA-2003:104", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-139.html", "name": "RHSA-2003:139", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-243.html", "name": "RHSA-2003:243", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-244.html", "name": "RHSA-2003:244", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643", "name": "SSA:2004-133", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1", "name": "57628", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1", "name": "101555", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://www.trustix.org/errata/2004/0017", "name": "2004-0017", "tags": ["Broken Link"], "refsource": "TRUSTIX"}, {"url": "http://www.trustix.org/errata/2004/0027", "name": "2004-0027", "tags": ["Broken Link"], "refsource": "TRUSTIX"}, {"url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name": "20030224 Terminal Emulator Security Issues", "tags": ["Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=108369640424244&w=2", "name": "APPLE-SA-2004-05-03", "tags": ["Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://marc.info/?l=bugtraq&m=108731648532365&w=2", "name": "SSRT4717", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=108437852004207&w=2", "name": "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)", "tags": ["Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114", "name": "oval:org.mitre.oval:def:4114", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150", "name": "oval:org.mitre.oval:def:150", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109", "name": "oval:org.mitre.oval:def:100109", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0020", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-03-18T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.3.31", "versionStartIncluding": "1.3.0"}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.49", "versionStartIncluding": "2.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-06-06T11:15Z"}

5.0 /10