CVE-2003-1582

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Published: Feb 5, 2010
Updated: Apr 13, 2023
CVE: CVE-2003-1582
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_server	6.0	6.0.x

http://www.securityfocus.com/archive/1/313867

Vulnerability Database

289,689

CVE-2003-1582