Unrated severityNVD Advisory· Published Feb 5, 2010· Updated Apr 29, 2026
CVE-2003-1578
CVE-2003-1578
Description
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
Affected products
19cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:*:sp12:*:*:*:*:*:*range: <=4.1
- cpe:2.3:a:sun:one_web_server:*:sp5:*:*:*:*:*:*range: <=6.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.securityfocus.com/bid/7012nvdPatch
- www.securityfocus.com/archive/1/313867nvdExploit
- exchange.xforce.ibmcloud.com/vulnerabilities/56633nvd
News mentions
0No linked articles in our index yet.