The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-05T22:13:00Z

Updated: 2024-09-17T00:15:26.899Z

Reserved: 2010-02-05T00:00:00Z

Link: CVE-2003-1580

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-02-05T22:30:02.030

Modified: 2024-11-20T23:47:29.887

Link: CVE-2003-1580

cve-icon Redhat

No data.