Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2002-1168
HistoryNov 04, 2002 - 5:00 a.m.

CVE-2002-1168

2002-11-0405:00:00
mitre
web.nvd.nist.gov
35
ibm
web traffic
express
caching
proxy server
xss
vulnerability
http
security
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0.01

Percentile

83.5%

JSON

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a “%0a%0d” (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

Affected configurations

Nvd
Node
ibmwebsphere_caching_proxy_serverMatch3.6
OR
ibmwebsphere_caching_proxy_serverMatch4.0
VendorProductVersionCPE
ibmwebsphere_caching_proxy_server3.6cpe:2.3:a:ibm:websphere_caching_proxy_server:3.6:*:*:*:*:*:*:*
ibmwebsphere_caching_proxy_server4.0cpe:2.3:a:ibm:websphere_caching_proxy_server:4.0:*:*:*:*:*:*:*

Related

exploitdb 1
cvelist 1
nvd 1
exploitdb
exploitdb
IBM Websphere Edge Server 3.69/4.0 - HTTP Header Injection
2002-10-23 00:00:00
cvelist
cvelist
CVE-2002-1168
2002-10-25 04:00:00
nvd
nvd
CVE-2002-1168
2002-11-04 05:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

0.01

Percentile

83.5%

JSON
Related for CVE-2002-1168
exploitdb1cvelist1nvd1