Vulnerabilities > CVE-2002-2103 - Unspecified vulnerability in Apache Http Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

apache

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Http Server 1.3.9 Apache Http Server 1.3.11 Apache Http Server 1.3.12 Apache Http Server 1.3.13 Apache Http Server 1.3.14 Apache Http Server 1.3.15 Apache Http Server 1.3.16 Apache Http Server 1.3.17 Apache Http Server 1.3.18 Apache Http Server 1.3.19 Apache Http Server 1.3.20 Apache Http Server 1.3.22 Apache Http Server 1.3.23	13

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.

Summary

Vulnerable Configurations

Statements

References