Log Corruption Vulnerability in Microsoft Internet Information Services (IIS) 6.0
CVE-2003-1582

Currently unrated

Key Information:

Vendor: Microsoft
CVE Published: 5 February 2010

Summary

Microsoft Internet Information Services (IIS) 6.0, when configured with DNS resolution enabled for client IP addresses, allows remote attackers to inject arbitrary content into the IIS log files. The attack combines a specially crafted HTTP request with a malicious DNS response. The injected content can include cross-site scripting (XSS) sequences, which poses a significant security risk. The vulnerability is classified as an instance of Inverse Lookup Log Corruption (ILLC), so proper log analysis and integrity checks are crucial for maintaining web server security.
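
A defensive check for the issue summarized above, as an added example that is not part of the original advisory or any Microsoft code: it accepts a reverse-DNS name for logging only if it matches the RFC 1123 hostname grammar, falls back to the IP address otherwise, and scans existing entries for malformed client fields. The function names and the six-field, space-separated log layout are assumptions made for illustration and are not the real IIS log format.

```python
import ipaddress
import re
from typing import Optional

# One DNS label per RFC 1123: letters, digits, hyphen; no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_hostname(name: str) -> bool:
    """True only if name is a syntactically valid RFC 1123 hostname."""
    if not name or len(name) > 253:
        return False
    if name.endswith("."):  # allow the trailing dot of a fully qualified name
        name = name[:-1]
    return all(_LABEL.fullmatch(label) for label in name.split("."))

def _is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def safe_client_name(ip: str, ptr_name: Optional[str]) -> str:
    """Value to log for a client: the PTR name if well formed, else the IP."""
    if ptr_name and is_valid_hostname(ptr_name):
        return ptr_name.lower()
    return ip

def suspicious_entries(lines, n_fields=6, host_idx=2):
    """Return (line_number, evidence) for entries with a malformed client field.
    The six-field, space-separated layout is an assumption of this example."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        if line.startswith("#"):
            continue
        fields = line.split(" ")
        if len(fields) != n_fields:      # a space in the name shifts the fields
            hits.append((lineno, line))
        elif not (is_valid_hostname(fields[host_idx]) or _is_ip(fields[host_idx])):
            hits.append((lineno, fields[host_idx]))
    return hits

# Constructed sample data, not real IIS output.
SAMPLE_LOG = [
    "#Fields: date time client method uri status",
    "2010-02-05 10:00:01 host1.example.com GET /index.html 200",
    "2010-02-05 10:00:02 2001:db8::1 GET /index.html 200",
    "2010-02-05 10:00:03 <script>x</script>.example.net GET / 200",
    "2010-02-05 10:00:04 bad name.example.org GET / 200",
]
```

Any tool that renders log fields as HTML should still escape them on output; validating names when they are written does not replace that.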

Timeline

  • Vulnerability Reserved

  • Vulnerability published
