Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache两次解析查询日志条目欺骗漏洞
Vulnerability Description
Apache是一款流行免费的开放源代码WEB服务器,运行在多种Unix和Linux系统平台下,也可运行于Windows平台下。 Apache对域名解析错误而记录日志处理中存在漏洞,可导致攻击者伪造日志。 在某些环境下,Apache会记录非法主机名信息,执行两次解析DNS查询的目的是为了保证DNS条中的IP地址和主机名匹配。如果两次解析DNS查询被执行但失败的情况下,就会把非法主机名记录到Apache日志中。例如如果在两次解析DNS查询时主机名不能正确的解析为IP地址,就会在日志中出现非法主机名信息。 攻击
CVSS Information
N/A
Vulnerability Type
N/A