• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Apache Error Log Escape Sequence Injection Vulnerability

It has been reported that the Apache web server is prone to a remote error log escape sequence injection vulnerability. This issue is due to an input validation error that may allow escape character sequences to be injected into apache log files.

This may facilitate exploitation of issues such as those found in BIDs 6936 and 6938.

This issue may allow an attacker to carry out a number of actions including arbitrary file creation and code execution on the affected system.