PT-2005-2106 · An · An Httpd Server+1

Published

2005-04-07

·

Updated

2017-07-11

·

CVE-2005-1087

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

AN HTTPD Server version 1.42n

Description

The issue allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. This is due to a CRLF injection vulnerability in the cmdIS.DLL plugin.

Recommendations

For AN HTTPD Server version 1.42n, update the cmdIS.DLL plugin to a version that fixes the CRLF injection vulnerability. As a temporary workaround, consider restricting access to the HTTP server to minimize the risk of exploitation.
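A defensive sketch of the logging-side control for this class of bug, added here as an example and not taken from AN HTTPD or cmdIS.DLL: it flags request targets that decode to CR/LF (including double-encoded forms) and escapes control characters so one request always yields exactly one log line. The function names, the log layout and the sample requests are assumptions constructed for illustration; the page does not give the plugin's real log format.

```python
import re
from urllib.parse import unquote

# Characters that can terminate or forge a record in a line-oriented log.
_CTRL = re.compile(r"[\x00-\x1f\x7f\u0085\u2028\u2029]")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250d%250a) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value

def has_line_break(request_target):
    """Detection check: does the target contain CR or LF once decoded?"""
    decoded = decode_fully(request_target)
    return "\r" in decoded or "\n" in decoded

def log_safe(field):
    """Escape backslashes first, then control characters, so output is unambiguous."""
    field = field.replace("\\", "\\\\")
    return _CTRL.sub(lambda m: "\\u%04x" % ord(m.group()), field)

def format_entry(client, request_target, status):
    """Build one log record (hypothetical layout: client "target" status)."""
    target = log_safe(decode_fully(request_target))
    return '%s "%s" %s' % (log_safe(client), target, log_safe(str(status)))

# Constructed sample request targets (documentation IP ranges, not real traffic).
SAMPLES = [
    "/index.html",
    "/cgi/x?a=1%0d%0a192.0.2.7 /admin 200",   # encoded CRLF followed by a fake record
    "/x%250D%250Aforged",                      # double-encoded CRLF
]

if __name__ == "__main__":
    for target in SAMPLES:
        flag = "SUSPECT" if has_line_break(target) else "ok"
        print(flag, format_entry("198.51.100.9", target, 404))
```

Escaping at write time keeps the evidence of the attempt in the log instead of silently dropping it, which helps when reviewing requests later.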

Exploit

Fix


Related Identifiers

CVE-2005-1087

Affected Products

An Httpd Server
Cmdis.Dll