Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0828

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2001-0828
Last Modified 10 Sep 2008 03:09:02
Published 06 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2001-0828

Summary

A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.

Vulnerable Systems

Application

  • Caucho Technology Resin 1.2.2

  • Caucho Technology Resin 1.2.4


References

CERT-VN - VU#981651

BID - 2981

CONFIRM - http://www.caucho.com/products/resin/changes.xtp

XF - java-servlet-crosssite-scripting(6793)

OSVDB - 1890

BUGTRAQ - 20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability


Last Updated: 27 May 2016 10:36:24