LiveActive security incident?Get immediate response
CVE archive

February 2003

Browse CVE records published in February 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 84 matching CVEs · Page 1 of 2.

Unknown · CVSS Not scored

CVE-2003-1580: The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging forma...

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2003-0249: PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access...

PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.

Published Feb 27, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1582: Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses,...

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1320: SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute...

SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.

Published Feb 27, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1579: Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses...

Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1581: The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attack...

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1578: Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for c...

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1577: Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for c...

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.

Published Feb 5, 2010 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1319: Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to...

Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.

Published Feb 7, 2007 · Updated Aug 8, 2024