CVE-2003-1580

Published Feb 5, 2010

Last updated a month ago

CVSS info 4.3

Overview

Description
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
Source
cve@mitre.org
NVD status
Modified
Products
http_server

Risk scores

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-189

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. IBM HTTP Server 8.5, and 9.0CVE-2026-9170
  2. IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.CVE-2026-8854
  3. IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.CVE-2026-8856
  4. IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).CVE-2026-8855
  5. IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.CVE-2026-8835

References

Sources include official advisories and independent security research.