| Vulnerability Name: | CVE-2002-1060 (CCN-9674) | ||||||||
| Assigned: | 2002-07-24 | ||||||||
| Published: | 2002-07-24 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: BUGTRAQ Type: UNKNOWN 20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability Source: CCN Type: BugTraq Mailing List, Wed Jul 24 2002 - 17:49:33 CDT CacheFlow CacheOS Cross-site Scripting Vulnerability Source: CCN Type: BugTraq Mailing List, Tue Sep 03 2002 - 00:37:13 CDT Re: CacheFlow CacheOS Cross-site Scripting Vulnerability Source: MITRE Type: CNA CVE-2002-1060 Source: CONFIRM Type: UNKNOWN http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm Source: XF Type: Patch, Vendor Advisory cacheos-unresolved-error-xss(9674) Source: CCN Type: OSVDB ID: 4989 CacheFlow CacheOS hostname XSS Source: BID Type: Exploit, Patch, Vendor Advisory 5305 Source: CCN Type: BID-5305 CacheFlow CacheOS Unresolved Domain Cross Site Scripting Vulnerability Source: BID Type: UNKNOWN 5608 Source: CCN Type: BID-5608 Blue Coat Systems Error Page Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN cacheos-unresolved-error-xss(9674) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||