Description

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Remediation

References

CVE-2003-1580

Related Vulnerabilities

Oracle JRE CVE-2023-22049 Vulnerability (CVE-2023-22049)

WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Cross-Site Request Forgery (4.4)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.23)

WordPress Plugin Request a Quote Cross-Site Scripting (2.3.3)

WordPress Plugin Shortcode Addons-with Visual Composer, Divi, Beaver Builder and Elementor Extension Arbitrary File Upload (3.2.5)

Severity

Medium

Classification

CVE-2003-1580

Tags

Missing Update Known Vulnerabilities