CVE-2001-0824 - Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to exec

CVE-2001-0824

Summary

Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.

References

Vulnerable Configurations

cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-09-2008 - 19:09)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	2969
bugtraq	20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability

Last major update

10-09-2008 - 19:09

Published

06-12-2001 - 05:00

Last modified

10-09-2008 - 19:09