Description
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8)
Oracle Database Server Other Vulnerability (CVE-2007-3856)
Mailman Other Vulnerability (CVE-2002-0855)
WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.32.7212)
Liferay DXP Excessive Iteration Vulnerability (CVE-2024-25144)