Description

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

Remediation

References

CVE-2002-2103

Related Vulnerabilities

LiteSpeed Web Server Out-of-bounds Read Vulnerability (CVE-2004-0112)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15730)

WordPress Plugin SP Project & Document Manager Arbitrary File Upload (4.22)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20352)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.8.7)

Severity

Medium

Classification

CVE-2002-2103

Tags

Missing Update Known Vulnerabilities