Guest

Preview Tool

Cisco Bug: CSCte64233 - Security vulnerability in Apache httpd ( CVE-2003-0020 )

Last Modified

Sep 27, 2017

Products (2)

  • Cisco ACE XML Gateways
  • Cisco ACE XML Gateway

Known Affected Releases

5.2 6.0 6.0(1) 6.0(2) 6.0(3) 6.1

Description (partial)

<B>Symptom:</B>
The ACE XML Gateway is vulnerable to CVE-2003-0020. The product does not perform special 
actions to filter some parts of incoming messages from log files. This may be used by attackers 
for inserting special byte sequences into log files. If the log file is viewed in the terminal emulator 
program, which is vulnerable to that special byte sequences, then the machine on which the log is 
viewed may be compromised.

<B>Conditions:</B>
This issue occurs when log files from the gateway are viewed using vulnerable software and 
remote attackers send specifically crafted messages to the ACE XML Gateway. Messages must 
exploit the specific vulnerabilities in the terminal emulator software used to examine the logs.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.