CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-1168

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.3%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.iss.net/security_center/static/10454.php
http://www.securityfocus.com/bid/6001
http://www.iss.net/security_center/static/10454.php
http://www.securityfocus.com/bid/6001

Products affected by CVE-2002-1168

Ibm » Websphere Caching Proxy Server » Version: 3.6

cpe:2.3:a:ibm:websphere_caching_proxy_server:3.6
Ibm » Websphere Caching Proxy Server » Version: 4.0

cpe:2.3:a:ibm:websphere_caching_proxy_server:4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-1168

Products

Pricing

Contact Us