Soft3304: >> 04webserver >> 1.42 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512.
CVSS Score
6.8
EPSS Score
0.01
Published
2006-08-17
Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing.
CVSS Score
7.5
EPSS Score
0.005
Published
2006-08-17
Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.
CVSS Score
4.3
EPSS Score
0.006
Published
2004-12-31
04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-12-31
04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2.
CVSS Score
5.0
EPSS Score
0.011
Published
2004-12-31