Lucene search

MitreCVE-2003-1582

HistoryFeb 05, 2010 - 10:30 p.m.

CVE-2003-1582

2010-02-0522:30:02

CWE-79

mitre

web.nvd.nist.gov

108

microsoft

iis 6.0

remote attackers

log files

dns

injection

xss

security vulnerability

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an “Inverse Lookup Log Corruption (ILLC)” issue.

Affected configurations

Nvd

Node

microsoftinternet_information_serverMatch6.0

VendorProductVersionCPE
microsoftinternet_information_server6.0cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_information_server	6.0	cpe:2.3:a:microsoft:internet_information_server:6.0:::::::*

References

www.securityfocus.com/archive/1/313867

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON

Related for CVE-2003-1582