| Vulnerability Name: | CVE-2001-1441 (CCN-6793) | ||||||||
| Assigned: | 2001-07-02 | ||||||||
| Published: | 2001-07-02 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: BUGTRAQ Type: UNKNOWN 20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability Source: CCN Type: BugTraq Mailing List, Mon Jul 02 2001 - 06:31:00 CDT Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability Source: MITRE Type: CNA CVE-2001-0824 Source: MITRE Type: CNA CVE-2001-0828 Source: MITRE Type: CNA CVE-2001-0829 Source: MITRE Type: CNA CVE-2001-1084 Source: MITRE Type: CNA CVE-2001-1121 Source: MITRE Type: CNA CVE-2001-1441 Source: CCN Type: Apache Web site Cross Site Scripting Info Source: CCN Type: Texas Metronet Web site [ANNOUNCE] Tomcat 4.0 Beta 2 Source: CCN Type: Resin Change Log 1.2.4 - April 11, 2001 Source: CCN Type: US-CERT VU#270083 IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page Source: CERT-VN Type: Exploit, US Government Resource VU#270083 Source: CCN Type: US-CERT VU#560659 IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page Source: CCN Type: US-CERT VU#654643 Allaire JRun Java Application Server vulnerable to Cross-Site Scripting via passing of user input directly to default error page Source: CCN Type: US-CERT VU#672683 Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page Source: CCN Type: US-CERT VU#981651 Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page Source: CCN Type: Macromedia Product Security Bulletin MPSB01-06 JRun 3.1, JRun 3.0, JRun 2.3.3: Cross-site scripting vulnerability (a.k.a. JavaScript code execution vulnerability) Source: CCN Type: Microsoft Security Bulletin MS00-060 Patch Available for 'IIS Cross-Site Scripting' Vulnerabilities Source: CCN Type: OSVDB ID: 15790 IBM WebSphere Application Server (WAS) Error Page XSS Source: CCN Type: OSVDB ID: 1890 Caucho Resin Java Servlet Error Page XSS Source: CCN Type: OSVDB ID: 1891 Allaire JRun Java Servlet Error Page XSS Source: CCN Type: OSVDB ID: 3880 VisualAge Java Servlet Error Page XSS Source: CCN Type: OSVDB ID: 829 IBM WebSphere Application Server (WAS) Java Servlet Error Page XSS Source: CCN Type: OSVDB ID: 844 Apache Tomcat Java Servlet Error Page XSS Source: CCN Type: BID-2969 IBM WebSphere Cross-Site Scripting Vulnerability Source: CCN Type: BID-2981 Caucho Technology Resin Cross-Site Scripting Vulnerability Source: CCN Type: BID-2982 Apache Tomcat Cross-Site Scripting Vulnerability Source: CCN Type: BID-2983 Allaire JRun Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN java-servlet-crosssite-scripting(6793) Source: XF Type: UNKNOWN java-servlet-crosssite-scripting(6793) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||