CVE-2002-2103 — Apache Http Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

1.7%

top 17.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedDec 31

Latest updateApr 30

Description

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server13 versions+12

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-22p8-j48p-jr45: Apache before 1↗2022-04-30

▶

CVEList

CVE-2002-2103: Apache before 1↗2005-08-05

▶

📋Vendor Advisories

Red Hat

CVE-2002-2103: Apache before 1↗

▶