Lucene search

K
nvd[email protected]NVD:CVE-2002-1168
HistoryNov 04, 2002 - 5:00 a.m.

CVE-2002-1168

2002-11-0405:00:00
web.nvd.nist.gov
4

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.5%

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a “%0a%0d” (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

Affected configurations

Nvd
Node
ibmwebsphere_caching_proxy_serverMatch3.6
OR
ibmwebsphere_caching_proxy_serverMatch4.0
VendorProductVersionCPE
ibmwebsphere_caching_proxy_server3.6cpe:2.3:a:ibm:websphere_caching_proxy_server:3.6:*:*:*:*:*:*:*
ibmwebsphere_caching_proxy_server4.0cpe:2.3:a:ibm:websphere_caching_proxy_server:4.0:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.5%

Related for NVD:CVE-2002-1168