CVE-2003-1581
EPSS 1.6%
Description
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
How to fix CVE-2003-1581
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/apache2—no fix listed
Is CVE-2003-1581 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0