Cisco Bug: CSCte64233 - Security vulnerability in Apache httpd ( CVE-2003-0020 )
Sep 27, 2017
- Cisco ACE XML Gateways
- Cisco ACE XML Gateway
Known Affected Releases
5.2 6.0 6.0(1) 6.0(2) 6.0(3) 6.1
<B>Symptom:</B> The ACE XML Gateway is vulnerable to CVE-2003-0020. The product does not perform special actions to filter some parts of incoming messages from log files. This may be used by attackers for inserting special byte sequences into log files. If the log file is viewed in the terminal emulator program, which is vulnerable to that special byte sequences, then the machine on which the log is viewed may be compromised. <B>Conditions:</B> This issue occurs when log files from the gateway are viewed using vulnerable software and remote attackers send specifically crafted messages to the ACE XML Gateway. Messages must exploit the specific vulnerabilities in the terminal emulator software used to examine the logs.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases