CVE-2001-1556

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Published: Dec 31, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1556
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
apache / http_server	2.0.0	2.0.49
apache / http_server	1.3.0	1.3.31

http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
http://httpd.apache.org/docs/logs.html
http://www.iss.net/security_center/static/7363.php

Vulnerability Database

290,020

CVE-2001-1556