CVE-2003-1581: XSS
First published: Fri Feb 05 2010(Updated: )
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | =2.0.44 | |
| =2.0.44 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1581?
CVE-2003-1581 is identified as a high severity vulnerability due to its potential for log file injection and XSS attacks.
How do I fix CVE-2003-1581?
To mitigate CVE-2003-1581, upgrade the Apache HTTP Server to a version higher than 2.0.44 or disable DNS resolution for client IP addresses.
What is the impact of CVE-2003-1581?
CVE-2003-1581 allows remote attackers to manipulate log files potentially leading to security exploitation through XSS payloads.
Which versions of Apache HTTP Server are affected by CVE-2003-1581?
CVE-2003-1581 affects Apache HTTP Server version 2.0.44.
How does CVE-2003-1581 allow log file injection?
CVE-2003-1581 allows log file injection via crafted DNS responses that correlate with specific HTTP requests.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/weakness
- collector/nvd-historical
- vendor/apache
- vendor/http server
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/event
- canonical/apache http server
- version/apache http server/2.0.44