PT-2010-1201 · Apache+1 · Apache Http Server+1

Published

2010-02-05

Updated

2010-02-08

CVE-2003-1581

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.0.44

Description The issue allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response. This can be used to inject XSS sequences, and is related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Recommendations For Apache HTTP Server version 2.0.44, consider disabling DNS resolution for client IP addresses as a temporary workaround to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2003-1581

ECHO-2734-798D-A68B

Affected Products

Apache Http Server

Debian

PT-2010-1201 · Apache+1 · Apache Http Server+1

CVE-2003-1581

Weakness Enumeration

Related Identifiers

Affected Products

References · 5