DNS Resolution Flaw in Sun ONE Web Server 6 on Windows
CVE-2003-1579

Currently unrated

Key Information:

Vendor: Oracle
Status: One Web Server
Vendor: CVE Published:; 5 February 2010

Summary

The Sun ONE Web Server 6 on Windows has a significant flaw related to DNS resolution for client IP addresses. When this feature is enabled, the server utilizes a logging format that fails to distinguish between resolved and unresolved IP addresses. This oversight allows attackers to spoof IP addresses by sending specially crafted DNS responses with numerical top-level domains. An example of this technique is demonstrated with a forged domain name like '123.123.123.123', which can exploit the 'Inverse Lookup Log Corruption' issue. Organizations using affected versions of the software are encouraged to address this vulnerability to protect against potential remote attacks.

References

http://www.securityfocus.com/archive/1/313867

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 5, 2010