Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1133

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-1133
Last Modified 10 Sep 2008 03:29:16
Published 10 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1133

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.

Vulnerable Systems

Application

  • Microsoft W3who.dll


References

XF - w3who-http-error-xss(18375)

FULLDISC - 20041206 Multiple vulnerabilities in w3who ISAPI DLL


Last Updated: 27 May 2016 10:38:54