Search criteria
8 vulnerabilities found for websphere_caching_proxy_server by ibm
CVE-2002-1169 (GCVE-0-2002-1169)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wte-helpout-dos(10452)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10452.php"
},
{
"name": "IY35970",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY35970\u0026apar=only"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/advisories/R7-0007.txt"
},
{
"name": "6002",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6002"
},
{
"name": "2090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ibm-wte-helpout-dos(10452)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10452.php"
},
{
"name": "IY35970",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY35970\u0026apar=only"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/advisories/R7-0007.txt"
},
{
"name": "6002",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6002"
},
{
"name": "2090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wte-helpout-dos(10452)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10452.php"
},
{
"name": "IY35970",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY35970\u0026apar=only"
},
{
"name": "http://www.rapid7.com/advisories/R7-0007.txt",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0007.txt"
},
{
"name": "6002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6002"
},
{
"name": "2090",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1169",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-27T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0684 (GCVE-0-2004-0684)
Vulnerability from cvelistv5 – Published: 2004-07-13 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-edge-caching-dos(16607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
},
{
"name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108938997528245\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ibm-edge-caching-dos(16607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
},
{
"name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108938997528245\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-edge-caching-dos(16607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
},
{
"name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108938997528245\u0026w=2"
},
{
"name": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0684",
"datePublished": "2004-07-13T04:00:00",
"dateReserved": "2004-07-12T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1167 (GCVE-0-2002-1167)
Vulnerability from cvelistv5 – Published: 2002-10-25 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6000"
},
{
"name": "ibm-wte-html-xss(10453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10453.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6000"
},
{
"name": "ibm-wte-html-xss(10453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10453.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6000"
},
{
"name": "ibm-wte-html-xss(10453)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10453.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1167",
"datePublished": "2002-10-25T04:00:00",
"dateReserved": "2002-09-27T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1168 (GCVE-0-2002-1168)
Vulnerability from cvelistv5 – Published: 2002-10-25 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wte-header-injection(10454)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10454.php"
},
{
"name": "6001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a \"%0a%0d\" (CRLF) sequence, which echoes the Location as an HTTP header in the server response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ibm-wte-header-injection(10454)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10454.php"
},
{
"name": "6001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a \"%0a%0d\" (CRLF) sequence, which echoes the Location as an HTTP header in the server response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wte-header-injection(10454)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10454.php"
},
{
"name": "6001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1168",
"datePublished": "2002-10-25T04:00:00",
"dateReserved": "2002-09-27T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0684 (GCVE-0-2004-0684)
Vulnerability from nvd – Published: 2004-07-13 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-edge-caching-dos(16607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
},
{
"name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108938997528245\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ibm-edge-caching-dos(16607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
},
{
"name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108938997528245\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-edge-caching-dos(16607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
},
{
"name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108938997528245\u0026w=2"
},
{
"name": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0684",
"datePublished": "2004-07-13T04:00:00",
"dateReserved": "2004-07-12T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1167 (GCVE-0-2002-1167)
Vulnerability from nvd – Published: 2002-10-25 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6000",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6000"
},
{
"name": "ibm-wte-html-xss(10453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10453.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6000",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6000"
},
{
"name": "ibm-wte-html-xss(10453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10453.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6000"
},
{
"name": "ibm-wte-html-xss(10453)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10453.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1167",
"datePublished": "2002-10-25T04:00:00",
"dateReserved": "2002-09-27T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1168 (GCVE-0-2002-1168)
Vulnerability from nvd – Published: 2002-10-25 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wte-header-injection(10454)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10454.php"
},
{
"name": "6001",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a \"%0a%0d\" (CRLF) sequence, which echoes the Location as an HTTP header in the server response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ibm-wte-header-injection(10454)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10454.php"
},
{
"name": "6001",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a \"%0a%0d\" (CRLF) sequence, which echoes the Location as an HTTP header in the server response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wte-header-injection(10454)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10454.php"
},
{
"name": "6001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1168",
"datePublished": "2002-10-25T04:00:00",
"dateReserved": "2002-09-27T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1169 (GCVE-0-2002-1169)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:27.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-wte-helpout-dos(10452)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10452.php"
},
{
"name": "IY35970",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY35970\u0026apar=only"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/advisories/R7-0007.txt"
},
{
"name": "6002",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6002"
},
{
"name": "2090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ibm-wte-helpout-dos(10452)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10452.php"
},
{
"name": "IY35970",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY35970\u0026apar=only"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/advisories/R7-0007.txt"
},
{
"name": "6002",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6002"
},
{
"name": "2090",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-wte-helpout-dos(10452)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10452.php"
},
{
"name": "IY35970",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY35970\u0026apar=only"
},
{
"name": "http://www.rapid7.com/advisories/R7-0007.txt",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0007.txt"
},
{
"name": "6002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6002"
},
{
"name": "2090",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1169",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-27T00:00:00",
"dateUpdated": "2024-08-08T03:19:27.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}