ID CVE-2003-1578
Summary Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 17-08-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 7012
bugtraq 20030304 Log corruption on multiple webservers, log analyzers,...
sunalert 201453
xf iplanet-logpreview-security-bypass(56633)
Last major update 17-08-2017 - 01:29
Published 05-02-2010 - 22:30
Last modified 17-08-2017 - 01:29