Vulnerability Details

ID: CVE-2002-2103

Last Modified: Sept. 5, 2008

Open in new window

Description

Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: None

Integrity Impact: Partial

Availability Impact: None

Base Score: 5.0

Exploitability Score: 10.0

Impact Score: 2.9

CVSS V2: AV:N/AC:L/Au:N/C:N/I:P/A:N

Specialize CVSS-Score

CWE-ID

NVD-CWE-Other

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:apache:http_server:1.3.23:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.23	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.16:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.16	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.19:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.19	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.20:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.20	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.13:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.13	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.18:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.18	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.12:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.12	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.17:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.17	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.9:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.9	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.14:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.14	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.22:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.22	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.11:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.11	Alle Schwachstellen für apache
	cpe:2.3:a:apache:http_server:1.3.15:::::::* Part: a Product: http_server Vendor: apache Version: 1.3.15	Alle Schwachstellen für apache

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>