Vulnerability Name: | CVE-2002-0733 (CCN-9029) | ||||||||
Assigned: | 2001-04-17 | ||||||||
Published: | 2001-04-17 | ||||||||
Updated: | 2008-09-05 | ||||||||
Summary: | Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Other | ||||||||
References: | Source: CCN Type: Vuln-Dev Mailing List, Apr 17 2002 7:27PM Smalls holes on 5 products #1 Source: VULNWATCH Type: Vendor Advisory 20020417 Smalls holes on 5 products #1 Source: MITRE Type: CNA CVE-2002-0733 Source: CCN Type: ACME Laboratories Web site thttpd Source: CCN Type: thttpd - tiny/turbo/throttling HTTP server Web page New in version 2.21 Source: CONFIRM Type: UNKNOWN http://www.acme.com/software/thttpd/#releasenotes Source: MISC Type: UNKNOWN http://www.ifrance.com/kitetoua/tuto/5holes1.txt Source: XF Type: Vendor Advisory thttpd-error-page-css(9029) Source: OSVDB Type: UNKNOWN 5125 Source: CCN Type: OSVDB ID: 5125 thttpd Error Page XSS Source: BID Type: Exploit, Vendor Advisory 4601 Source: CCN Type: BID-4601 ACME Labs thttpd Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN thttpd-error-page-xss(9029) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |