Description

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Remediation

References

CVE-2001-1556

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3935)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3058)

WordPress Plugin RBX Gallery 'uploader.php' Arbitrary File Upload (2.1)

WordPress Plugin Simple Job Board Directory Traversal (2.9.3)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (1.2.3)

Severity

Medium

Classification

CVE-2001-1556 CWE-532

Tags

Missing Update Known Vulnerabilities