Sign-up

ID

VAR-201002-0299


CVE

CVE-2003-1582


TITLE

Microsoft Internet Information Services Security hole

Trust: 0.6

sources: CNNVD: CNNVD-201002-047

DESCRIPTION

Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. IIS is prone to a cross-site scripting vulnerability

Trust: 1.17

sources: NVD: CVE-2003-1582 // BID: 82687

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:6.0

Trust: 1.0

vendor:microsoftmodel:iisscope:eqversion:6.0

Trust: 0.6

sources: CNNVD: CNNVD-201002-047 // NVD: CVE-2003-1582

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1582
value: LOW

Trust: 1.0

CNNVD: CNNVD-201002-047
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2003-1582
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-201002-047 // NVD: CVE-2003-1582

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2003-1582

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-047

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201002-047

EXTERNAL IDS

db:NVDid:CVE-2003-1582

Trust: 1.9

db:CNNVDid:CNNVD-201002-047

Trust: 0.6

db:BIDid:82687

Trust: 0.3

sources: BID: 82687 // CNNVD: CNNVD-201002-047 // NVD: CVE-2003-1582

REFERENCES

url:http://www.securityfocus.com/archive/1/313867

Trust: 1.9

sources: BID: 82687 // CNNVD: CNNVD-201002-047 // NVD: CVE-2003-1582

CREDITS

Unknown

Trust: 0.3

sources: BID: 82687

SOURCES

db:BIDid:82687
db:CNNVDid:CNNVD-201002-047
db:NVDid:CVE-2003-1582

LAST UPDATE DATE

2024-08-14T15:30:37.194000+00:00


SOURCES UPDATE DATE

db:BIDid:82687date:2010-02-05T00:00:00
db:CNNVDid:CNNVD-201002-047date:2019-07-08T00:00:00
db:NVDid:CVE-2003-1582date:2019-07-03T17:25:47.480

SOURCES RELEASE DATE

db:BIDid:82687date:2010-02-05T00:00:00
db:CNNVDid:CNNVD-201002-047date:2010-02-05T00:00:00
db:NVDid:CVE-2003-1582date:2010-02-05T22:30:02.077