DNS Resolution Flaw in Sun ONE Web Server 6 on Windows
CVE-2003-1579
Currently unrated
Summary
Sun ONE Web Server 6 on Windows has a flaw in how it logs client addresses when DNS resolution for client IP addresses is enabled. With this feature on, the server uses a logging format that does not distinguish between resolved and unresolved IP addresses, so a dotted quad in the log may be either an unresolved address or a name returned by DNS. This allows remote attackers to spoof IP addresses by sending specially crafted DNS responses that contain numerical top-level domains. The technique is demonstrated with a forged domain name such as '123.123.123.123' and is related to the 'Inverse Lookup Log Corruption' issue. Organizations using affected versions of the software are encouraged to address this vulnerability to protect against potential remote attacks.
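The following added example (not Sun's code and not part of the original advisory) contrasts the ambiguous client field described above with a format that always records the socket peer address and rejects reverse-DNS names ending in a numeric label. The function names, the `host=` and `ptr=` fields, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Strict hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def ptr_name_is_loggable(name: str) -> bool:
    """Accept a reverse-DNS name only if it cannot be read as an address."""
    name = name.rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.fullmatch(lbl) for lbl in labels):
        return False
    # A numeric top-level label is what lets a name pass for a dotted quad.
    return not labels[-1].isdigit()


def ambiguous_client_field(peer_ip, ptr_name):
    """Weak format: the name if resolution succeeded, otherwise the address."""
    return ptr_name if ptr_name else peer_ip


def hardened_client_field(peer_ip, ptr_name):
    """Always log the socket peer address; the name is a separate, vetted field."""
    ip = ipaddress.ip_address(peer_ip)  # raises ValueError if not an address
    if not ptr_name:
        return f"{ip} host=-"
    if ptr_name_is_loggable(ptr_name):
        return f"{ip} host={ptr_name.rstrip('.')}"
    return f"{ip} host=- ptr=rejected"


# Constructed sample connections: (socket peer address, PTR answer or None).
SAMPLES = [
    ("203.0.113.7", "123.123.123.123"),       # forged numeric-TLD name
    ("198.51.100.20", "client.example.net"),  # ordinary reverse record
    ("192.0.2.55", None),                     # no PTR record
]

if __name__ == "__main__":
    for peer, ptr in SAMPLES:
        print(f"{ambiguous_client_field(peer, ptr):<22} | {hardened_client_field(peer, ptr)}")
```

In the weak format the first sample is logged as `123.123.123.123`, indistinguishable from an unresolved client at that address; the hardened format keeps the real peer address and flags the rejected name.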