CVE-2003-1511
Published Dec 31, 2003
Last updated 16 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bajie:java_http_server:0.95:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4BB8346-EFEC-434E-95D1-294EC5580CA4"
},
{
"criteria": "cpe:2.3:a:bajie:java_http_server:0.95:d:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECE86194-3115-4E9D-AEBF-469E8E79771B"
},
{
"criteria": "cpe:2.3:a:bajie:java_http_server:0.95:zxc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67BD5099-B55E-4F03-A54A-F41A3E6CD27E"
},
{
"criteria": "cpe:2.3:a:bajie:java_http_server:0.95:zxe:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEE9C18B-0FD3-406C-8967-3D1FB3B2A978"
},
{
"criteria": "cpe:2.3:a:bajie:java_http_server:0.95:zxe1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C106CC8-60B8-4556-A19E-1F7BB7926812"
},
{
"criteria": "cpe:2.3:a:bajie:java_http_server:0.95:zxv4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "906DEE36-7203-4A9B-9022-F5972C38C471"
}
],
"operator": "OR"
}
]
}
]