CVE-2003-1581 — Cross-site Scripting in Apache Http Server

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

2.6LOWNVD

EPSS

2.0%

top 16.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedFeb 5

Latest updateApr 29

Description

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server2.0.44

🔴Vulnerability Details

GHSA

GHSA-xfrg-qvm9-q5xc: The Apache HTTP Server 2↗2022-04-29

▶

CVEList

CVE-2003-1581: The Apache HTTP Server 2↗2010-02-05

▶

OSV

CVE-2003-1581: The Apache HTTP Server 2↗2010-02-05

▶

📋Vendor Advisories

Red Hat

httpd: Injection of arbitrary text into log files when DNS resolution is enabled↗2003-03-04

▶

Debian

CVE-2003-1581: apache2 - The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addr...↗2003

▶

💬Community

Bugzilla

CVE-2003-1581 httpd: Injection of arbitrary text into log files when DNS resolution is enabled↗2010-02-06

▶