Description

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Remediation

References

CVE-2003-1580

Related Vulnerabilities

Internet Information Services Improper Authentication Vulnerability (CVE-2009-1535)

Microsoft SQL Server Other Vulnerability (CVE-2000-1085)

WordPress Plugin Booking.com Product Helper Cross-Site Scripting (1.0.1)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18405)

WebLogic CVE-2021-35617 Vulnerability (CVE-2021-35617)

Severity

Medium

Classification

CVE-2003-1580

Tags

Missing Update Known Vulnerabilities