CVE-2003-1582

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
2.6LOW
EPSS
5.0%
top 10.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Information Server
Timeline
PublishedFeb 5
Latest updateApr 29

Description

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g594-8xgx-ww3j: Microsoft Internet Information Services (IIS) 62022-04-29
CVEList
CVE-2003-1582: Microsoft Internet Information Services (IIS) 62010-02-05
CVE-2003-1582 (LOW CVSS 2.6) | Microsoft Internet Information Serv | cvebase.io