Bug 1891833 (CVE-2001-1556)

Summary: CVE-2001-1556 httpd: log files contain information directly supplied by clients and does not filter or quote control characters
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: anon.amish, csutherl, gzaronik, hhorak, jclere, jdoyle, jkaluza, jorton, jwon, krathod, lgao, luhliari, mbabacek, mturk, myarboro, pahan, pjindal, pslavice, rsvoboda, weli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-28 14:21:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1891834    

Description Guilherme de Almeida Suckevicz 2020-10-27 13:41:26 UTC 
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1556
Comment 2 Product Security DevOps Team 2020-10-28 14:21:20 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2001-1556
Comment 3 RaTasha Tillery-Smith 2020-11-12 15:54:43 UTC 
Statement:

httpd as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and Red Hat Software Collections 3, is not affected because the versions of httpd shipped are newer than the affected versions for this flaw. The flaw was originally published in 2001 and there have been patches released since then.