MitreCVE-2003-0526CVE-2003-0526
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.2%
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for “500 Internal Server error” or (2) 404.htm for “404 Not Found.”
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | isa_server | 2000 | cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:* |
| microsoft | isa_server | 2000 | cpe:2.3:a:microsoft:isa_server:2000:fp1:*:*:*:*:*:* |
| microsoft | isa_server | 2000 | cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:* |
References
archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html
archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html
marc.info/?l=bugtraq&m=105838519729525&w=2
marc.info/?l=bugtraq&m=105838862201266&w=2
marc.info/?l=ntbugtraq&m=105838590030409&w=2
pivx.com/larholm/adv/TL006
docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
91.2%