CVE-2001-1556
First published: Mon Dec 31 2001(Updated: )
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache HTTP Server | >=1.3.0<1.3.31 | |
| Apache HTTP Server | >=2.0.0<2.0.49 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1556?
CVE-2001-1556 is considered a moderate severity vulnerability due to its potential for log spoofing.
How do I fix CVE-2001-1556?
To fix CVE-2001-1556, upgrade to a patched version of Apache HTTP Server that addresses this logging issue.
What potential impact does CVE-2001-1556 have on my server?
CVE-2001-1556 allows attackers to manipulate log files, which could lead to obscured malicious activities and compromised security audits.
Which versions of Apache HTTP Server are affected by CVE-2001-1556?
CVE-2001-1556 affects Apache HTTP Server versions from 1.3.0 to 1.3.31 and 2.0.0 to 2.0.49.
Can CVE-2001-1556 be exploited remotely?
Yes, CVE-2001-1556 can be exploited remotely, enabling attackers to hide HTTP requests from server logs.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/apache
- canonical/apache http server
- version/apache http server/1.3.0
- version/apache http server/2.0.0