exploitDog

CVE-2003-1579

Опубликовано: 05 фев. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Ссылки

http://www.securityfocus.com/archive/1/313867
Exploit
http://www.securityfocus.com/archive/1/313867
Exploit

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00224

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-189

Связанные уязвимости

GHSA-qccq-vp6j-f2x6

github

больше 3 лет назад

Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

EPSS

Процентиль: 45%

0.00224

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-189