CVE-2002-2103

2005-08-0504:00:00

mitre

www.cve.org

apache

log spoofing

vulnerability

remote attackers

double-reverse lookup

AI Score

6.6

Confidence

High

EPSS

0.019

Percentile

88.9%

JSON

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

References

www.apache.org/dist/httpd/CHANGES_1.3

www.iss.net/security_center/static/8629.php

www.securityfocus.com/bid/4358