2010-02-05 23:30:02 2010-02-08 06:00:00

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE