CVE-2001-1556
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2001-12-31 CVE Published
- 2005-07-14 CVE Reserved
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html | Broken Link | |
| http://www.iss.net/security_center/static/7363.php | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://httpd.apache.org/docs/logs.html | 2020-10-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | >= 1.3.0 < 1.3.31 Search vendor "Apache" for product "Http Server" and version " >= 1.3.0 < 1.3.31" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | >= 2.0.0 < 2.0.49 Search vendor "Apache" for product "Http Server" and version " >= 2.0.0 < 2.0.49" | - |
Affected
| ||||||