CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2003-0083
https://notcve.org/view.php?id=CVE-2003-0083
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. Apache 1.3 anteriores a 1.3.25 y Apache 2.0 anteriores a 2.0.43 y posiblemente posteriores no filtran secuencias de escape de terminal de sus logs de acceso, lo que podría hacer más fácil para atacantes insertar esas secuencias secuencias en emuladores de terminal conteniendo vulnerabilidades relacionadas con secuencias de escape, una vulnerabilidad diferente de CAN-2003-0020. • http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH http://marc.info/?l=bugtraq&m=108024081011678&w=2 http://marc.info/?l=bugtraq&m=108034113406858&w=2 http://secunia.com/advisories/8146 http://www.redhat.com/support/errata/RHSA-2003-139.html https://lists.apache.org/thread.html/54a42d4b01968df111 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2003-0020
https://notcve.org/view.php?id=CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://marc.info/?l=bugtraq&m=108369640424244&w=2 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://marc.info/? •
CVSS: 4.6EPSS: 0%CPEs: 18EXPL: 1CVE-2002-1658
https://notcve.org/view.php?id=CVE-2002-1658
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. • http://marc.info/?l=bugtraq&m=103480856102007&w=2 http://www.securityfocus.com/bid/5993 https://exchange.xforce.ibmcloud.com/vulnerabilities/10414 https://sardonix.org/audit/apache-45.html •
CVSS: 7.8EPSS: 1%CPEs: 36EXPL: 2CVE-2002-2272 – Apache 1.3.x + Tomcat 4.0.x/4.1.x mod_jk - Chunked Encoding Denial of Service
https://notcve.org/view.php?id=CVE-2002-2272
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. • https://www.exploit-db.com/exploits/22068 http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html http://www.securityfocus.com/bid/6320 https://exchange.xforce.ibmcloud.com/vulnerabilities/10771 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1822
https://notcve.org/view.php?id=CVE-2002-1822
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP). • http://marc.info/?l=bugtraq&m=103726020802411&w=2 http://www.iss.net/security_center/static/10628.php http://www.securityfocus.com/bid/6181 •