CVE-2002-2103

Apache HTTP Server - Hostname Spoofing via Reverse DNS Lookup

Title source: llm
STIX 2.1

Description

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

References (3)

Core 3
Core References
Various Sources x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_1.3
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4358

Scores

EPSS 0.0606
EPSS Percentile 92.6%

Details

Status published
Products (13)
apache/http_server 1.3.9
apache/http_server 1.3.11
apache/http_server 1.3.12
apache/http_server 1.3.13
apache/http_server 1.3.14
apache/http_server 1.3.15
apache/http_server 1.3.16
apache/http_server 1.3.17
apache/http_server 1.3.18
apache/http_server 1.3.19
... and 3 more
Published Dec 31, 2002
Tracked Since Feb 18, 2026