First published: Fri Feb 05 2010(Updated: )
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Information Services | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2003-1582 is considered a high severity vulnerability due to the potential for remote code execution through log injection.
To fix CVE-2003-1582, it is recommended to disable DNS resolution for client IP addresses in Microsoft Internet Information Services 6.0.
Exploiting CVE-2003-1582 could allow attackers to inject malicious content into log files, leading to potential cross-site scripting (XSS) attacks.
CVE-2003-1582 specifically affects Microsoft Internet Information Services version 6.0.
Yes, CVE-2003-1582 can lead to data breaches by allowing the injection of arbitrary text, which may be utilized for further attacks or exploitation.