vendor:
AN HTTPD
by:
SecurityFocus
7.5
CVSS
HIGH
Log File Injection
78
CWE
Product Name: AN HTTPD
Affected Version From: 1.42n
Affected Version To: Unknown
Patch Exists: NO
Related CWE: N/A
CPE: a:httpd:an_httpd
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005
AN HTTPD Log File Injection Vulnerability
AN HTTPD is affected by a vulnerability that may allow remote attacker to inject arbitrary content in to the log file. This issue arises due to a failure of input validation. Corruption of logs may result in concealing attacks and/or misleading an administrator. This issue can also be exploited to carry out other attacks such as the execution of certain BAT file commands. This can result in the disclosure of source code and text files. This issue may also aid in the exploitation of the vulnerability described in BID 13066 (AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability).
Mitigation:
Input validation should be used to prevent the injection of arbitrary content into the log file.
