Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2003-1581HistoryOct 03, 2022 - 4:15 p.m.
CVE-2003-1581
2022-10-0316:15:42
Debian Security Bug Tracker
security-tracker.debian.org
8
apache
http server
log injection
dns
remote attackers
xss
illc
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.3%
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an “Inverse Lookup Log Corruption (ILLC)” issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | apache2 | <= 2.4.59-1~deb12u1 | apache2_2.4.59-1~deb12u1_all.deb |
| Debian | 11 | all | apache2 | <= 2.4.59-1~deb11u1 | apache2_2.4.59-1~deb11u1_all.deb |
| Debian | 999 | all | apache2 | <= 2.4.61-1 | apache2_2.4.61-1_all.deb |
| Debian | 13 | all | apache2 | <= 2.4.59-2 | apache2_2.4.59-2_all.deb |
Related
cve
cve
CVE-2003-1581
2022-10-03 16:15:42
cvelist
cvelist
CVE-2003-1581
2022-10-03 16:15:42
nvd
nvd
CVE-2003-1581
2010-02-05 22:30:02
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.3%
Related for DEBIANCVE:CVE-2003-1581