CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
88.9%
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | 1.3.9 | cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* |
apache | http_server | 1.3.11 | cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* |
apache | http_server | 1.3.12 | cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* |
apache | http_server | 1.3.13 | cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:* |
apache | http_server | 1.3.14 | cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* |
apache | http_server | 1.3.15 | cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:* |
apache | http_server | 1.3.16 | cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:* |
apache | http_server | 1.3.17 | cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* |
apache | http_server | 1.3.18 | cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* |
apache | http_server | 1.3.19 | cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* |