CVE-2003-1579

CWE-1893 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 54.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN ONE WEB Server

Timeline

PublishedFeb 5

Latest updateApr 29

Description

Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDsun/one_web_server6.0

🔴Vulnerability Details

GHSA

GHSA-qccq-vp6j-f2x6: Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify wh↗2022-04-29

▶

CVEList

CVE-2003-1579: Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify wh↗2010-02-05

▶