AN HTTPD Server logfile arbitrary characters injection
| an-httpd-logfile-character-injection (20031) |  Medium Risk |
Description:
AN HTTPD Server could allow a remote attacker to inject arbitrary characters into the logfile caused by improper filtering of CR and LF characters in the URI. A remote attacker could exploit this vulnerability to inject arbitrary characters into the logfile to corrupt the logfile or inject fake entries or commands and possibly compromise the system.
Consequences:
File Manipulation
Remedy:
No remedy available as of July 9, 2011.
References:
- SIG^2 Vulnerability Research Advisory: AN HTTPD Server cmdIS.DLL Buffer Overflow and LogFile Arbitrary Character Injection Vulnerabilities.
- BID-13069: AN HTTPD Arbitrary Log Content Injection Vulnerability
- CVE-2005-1087: CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
- OSVDB ID: 15362: AN HTTPD Server httpd.log Arbitrary Text Injection
- SA14861: AN HTTPD Multiple Vulnerabilities
- SECTRACK ID: 1013666: AN HTTP Server `cmdIS.DLL` Buffer Overflow Lets Local Users Execute Arbitrary Code and Remote Users Conduct Cross-Site Scripting Attacks
Platforms Affected:
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP2
- nakata AN HTTPD 1.42n
Reported:
Apr 08, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net