LiveActive security incident?Get immediate response
CVE archive

2003 CVE Archive

Browse CVE records published in 2003 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1504 matching CVEs · Page 2 of 31.

Unknown · CVSS Not scored

CVE-2003-1580: The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging forma...

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2003-0249: PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access...

PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.

Published Feb 27, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1582: Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses,...

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published Feb 5, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2003-1320: SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute...

SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.

Published Feb 27, 2007 · Updated Sep 16, 2024