| Vulnerability Name: | CVE-2004-2115 (CCN-14930) | ||||||||
| Assigned: | 2004-01-24 | ||||||||
| Published: | 2004-01-24 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat Jan 24 2004 - 03:54:21 CST Oracle HTTP Server Cross Site Scripting Vulnerabillity Source: MITRE Type: CNA CVE-2004-2115 Source: BUGTRAQ Type: UNKNOWN 20040124 Oracle HTTP Server Cross Site Scripting Vulnerabillity Source: CCN Type: OSVDB ID: 34297 Oracle HTTP Server isqlplus Request Multiple Parameter XSS Source: BID Type: Exploit 9484 Source: CCN Type: BID-9484 Oracle HTTP Server isqlplus Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN oraclehttpserver-isqlplus-xss(14930) Source: XF Type: UNKNOWN oraclehttpserver-isqlplus-xss(14930) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||