[MBT] new ticket for pkg apache "CAN-2003-0020: Improper filtering of terminal escape sequences."
bugs at pld-linux.org
bugs at pld-linux.org
Tue Oct 7 10:28:55 CEST 2003
Date: 2003-10-07 10:28:54+02 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: CAN-2003-0020: Improper filtering of terminal escape sequences.
Ticket ID: #754
Ticket URL: http://bugs.pld-linux.org/?bug=754
Package: apache-5:1.3.27-3
Distribution: PLD-1.0.main
Category: security problem
Current state: opened
Text:
I am not sure, but I could not find a reference to this one in the changelog. It is fixed by RedHat in RHSA-2003:243-01, the CAN-message reads:
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
More information about the pld-bugs
mailing list