CVE-2003-1578
First published: Fri Feb 05 2010(Updated: )
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun ONE Web Server | =4.1 | |
| Sun ONE Web Server | =4.1-sp11 | |
| Sun ONE Web Server | =4.1-sp3 | |
| Sun ONE Web Server | =4.1-sp1 | |
| Sun ONE Web Server | <=4.1 | |
| Sun ONE Web Server | =4.1-sp6 | |
| Sun ONE Web Server | =4.1-sp5 | |
| Sun ONE Web Server | =4.1-sp2 | |
| Sun ONE Web Server | =4.1-sp9 | |
| Sun ONE Web Server | =4.1-sp10 | |
| Sun ONE Web Server | =4.1-sp7 | |
| Sun ONE Web Server | =4.1-sp8 | |
| Sun ONE Web Server | =4.1-sp4 | |
| Sun ONE Web Server | =6.0-sp3 | |
| Sun ONE Web Server | =6.0-sp2 | |
| Sun ONE Web Server | =6.0-sp1 | |
| Sun ONE Web Server | <=6.0 | |
| Sun ONE Web Server | =6.0 | |
| Sun ONE Web Server | =6.0-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1578?
CVE-2003-1578 is considered a medium severity vulnerability due to its potential to obscure malicious activity by manipulating DNS responses.
How do I fix CVE-2003-1578?
To fix CVE-2003-1578, disable DNS resolution for client IP addresses in the Sun ONE Web Server configuration.
What versions of Sun ONE Web Server are affected by CVE-2003-1578?
CVE-2003-1578 affects Sun ONE Web Server versions 4.1 through SP12 and 6.0 through SP5.
Can CVE-2003-1578 lead to unauthorized access?
While CVE-2003-1578 does not directly grant unauthorized access, it may enable attackers to hide their actions from log files.
Is it safe to continue using Sun ONE Web Server with CVE-2003-1578 unpatched?
Continuing to use Sun ONE Web Server without patching CVE-2003-1578 increases the risk of undetected malicious activities.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/tags
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/sun
- canonical/sun one web server
- version/sun one web server/4.1
- version/sun one web server/4.1-sp11
- version/sun one web server/4.1-sp3
- version/sun one web server/4.1-sp1
- version/sun one web server/4.1-sp6
- version/sun one web server/4.1-sp5
- version/sun one web server/4.1-sp2
- version/sun one web server/4.1-sp9
- version/sun one web server/4.1-sp10
- version/sun one web server/4.1-sp7
- version/sun one web server/4.1-sp8
- version/sun one web server/4.1-sp4
- version/sun one web server/6.0-sp3
- version/sun one web server/6.0-sp2
- version/sun one web server/6.0-sp1
- version/sun one web server/6.0
- version/sun one web server/6.0-sp4