Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability

Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability

by Nikola Strahija on March 27th, 2002 Under some circumstances, Apache may log invalid hostname information. If a double-reverse DNS lookup is performed but fails, then an invalid hostname may appear in the logs. For example, this may occur if the hostname does not properly resolve to the IP address in the double-reverse DNS lookup.


A remote attacker may deliberately exploit this issue to cause spoofed information to be logged by the webserver.

Remote: Yes

Exploit: There is no exploit code required.

Solution: This issue has been addressed in Apache 1.3.24. Administrators are advised to upgrade.



Apache Group Apache 1.3.9win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.9:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.11win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.11:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.12win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.12:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.13win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.14win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.14:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.15win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.16win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.17win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.17:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.18win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.18:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.19win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.19:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.20win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.20:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.22win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.22:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.23win32:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/

Apache Group Apache 1.3.23:

Apache Group Upgrade Apache 1.3.24
http://httpd.apache.org/dist/httpd/


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »