1. CVE-Search
  2. CVE-2001-0835
ID CVE-2001-0835
Summary Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
References
Vulnerable Configurations
  • cpe:2.3:a:bradford_barrett:webalizer:*:*:*:*:*:*:*:*
    cpe:2.3:a:bradford_barrett:webalizer:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2001:140
  • rhsa
    id RHSA-2001:141
refmap via4
bid 3473
bugtraq 20011024 Cross-site Scripting Flaw in webalizer
confirm http://www.mrunix.net/webalizer/news.html
engarde ESA-20011101-01
suse SuSE-SA:2001:040
xf
  • webalizer-html-tag-host(7350)
  • webalizer-html-tags-keywords(7351)
Last major update 19-12-2017 - 02:29
Published 06-12-2001 - 05:00
Last modified 19-12-2017 - 02:29
Back to Top