Vulnerability Name: CVE-2002-1195 (CCN-10089)

Assigned:2002-09-12
Published:2002-09-12
Updated:2016-10-18
Summary:Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Thu Sep 12 2002 - 03:59:05 CDT
ht://Check XSS

Source: MITRE
Type: CNA
CVE-2002-1195

Source: BUGTRAQ
Type: UNKNOWN
20020912 ht://Check XSS

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-169

Source: DEBIAN
Type: DSA-169
htcheck -- cross site scripting

Source: XF
Type: Vendor Advisory
htcheck-server-header-xss(10089)

Source: CCN
Type: OSVDB ID: 9226
ht://Check PHP Interface Web Page XSS

Source: BID
Type: UNKNOWN
5699

Source: CCN
Type: BID-5699
ht://Check Web Header Script Injection Vulnerability

Source: XF
Type: UNKNOWN
htcheck-server-header-xss(10089)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gabriele_bartolini:ht_check:1.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.debian:def:169 | V | cross site scripting | 2002-09-25
    gabriele_bartolini ht check 1.1
    debian debian linux 3.0