CVE Vulnerabilities

CVE-2002-1168

Published: Nov 04, 2002 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a %0a%0d (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

Affected Software

Name Vendor Start Version End Version
Websphere_caching_proxy_server Ibm 3.6 3.6
Websphere_caching_proxy_server Ibm 4.0 4.0

References