CVE-2003-1578
Sun ONE Web Server 4.1-SP12 and 6.0-SP5 - Log Corruption via DNS Response Injection
Title source: manualDescription
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
References (4)
Core 4
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7012
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/313867
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56633
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
Status
published
Products (4)
sun/one_web_server
4.1 (12 CPE variants)
sun/one_web_server
6.0 (5 CPE variants)
sun/one_web_server
< 4.1
sun/one_web_server
< 6.0
Published
Feb 05, 2010
Tracked Since
Feb 18, 2026