Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1168


Vulnerability Score 6.8 6.8
CVE Id CVE-2002-1168
Last Modified 10 Sep 2008 03:13:59
Published 04 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

Vulnerable Systems


  • Ibm Websphere Caching Proxy Server 3.6

  • Ibm Websphere Caching Proxy Server 4.0


XF - ibm-wte-header-injection(10454)

BID - 6001

Last Updated: 27 May 2016 10:37:13