CVE-2003-1582

2010-02-0522:13:00

mitre

www.cve.org

microsoft internet information services

remote attacks

log files

http request

dns response

xss sequences

inverse lookup log corruption

AI Score

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an “Inverse Lookup Log Corruption (ILLC)” issue.

References

www.securityfocus.com/archive/1/313867