CVE-2001-1556

MEDIUM

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

CVSS v2.0 Score

5.0

/ 10.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Information

Published: 31 déc. 2001
Updated: 16 avr. 2026
Status: Modified
Source: cve@mitre.org

Affected products

apache http serverAll Apache HTTP Server CVEs →

Versions : 1.3.31, 2.0.49

Weaknesses (CWE)

CWE-532

References (6)

http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
Broken Link
http://httpd.apache.org/docs/logs.html
Vendor Advisory
http://www.iss.net/security_center/static/7363.php
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
Broken Link
http://httpd.apache.org/docs/logs.html
Vendor Advisory
http://www.iss.net/security_center/static/7363.php
Broken Link

Similar CVEs

Other vulnerabilities of type CWE-532

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring