Log Preview Functionality Flaw in Sun ONE Web Server by Sun Microsystems
CVE-2003-1578

Currently unrated

Key Information:

Vendor: Oracle
Status: One Web Server
Vendor: CVE Published:; 5 February 2010

Summary

A vulnerability in Sun ONE Web Server allows remote attackers to manipulate log-preview functionalities by delivering specially crafted DNS responses that include a domain name starting with 'format='. This issue, related to Inverse Lookup Log Corruption, can lead to obscured HTTP requests, enabling attackers to evade detection in web server logs when DNS resolution for client IP addresses is enabled.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://www.securityfocus.com/bid/7012

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/313867

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 5, 2010
Vulnerability Reserved
Feb 5, 2010