Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2002-1168
Last Modified 10 Sep 2008 03:13:59
Published 04 Nov 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1168

Summary

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which causes the server to echo the Location value as an HTTP header in its response.

Vulnerable Systems

Application

  • IBM WebSphere Caching Proxy Server 3.6

  • IBM WebSphere Caching Proxy Server 4.0


References

XF - ibm-wte-header-injection(10454)

BID - 6001


Last Updated: 27 May 2016 10:37:13