CVE-2001-1556
Severity CVSS v4.0:
Pending analysis
Type:
CWE-532
Information Exposure Through Log Files
Publication date:
31/12/2001
Last modified:
03/04/2025
Description
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* | 1.3.0 (including) | 1.3.31 (excluding) |
| cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* | 2.0.0 (including) | 2.0.49 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
- http://httpd.apache.org/docs/logs.html
- http://www.iss.net/security_center/static/7363.php
- http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
- http://httpd.apache.org/docs/logs.html
- http://www.iss.net/security_center/static/7363.php