CVE-2004-1133 - Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remot

CVE-2004-1133

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.

References

http://marc.info/?l=full-disclosure&m=110234486823233&w=2
http://www.exaprobe.com/labs/advisories/esa-2004-1206.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18375

Vulnerable Configurations

cpe:2.3:a:microsoft:w3who.dll:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:w3who.dll:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

fulldisc	20041206 Multiple vulnerabilities in w3who ISAPI DLL
misc	http://www.exaprobe.com/labs/advisories/esa-2004-1206.html
xf	w3who-http-error-xss(18375)

Last major update

11-07-2017 - 01:30

Published

10-01-2005 - 05:00

Last modified

11-07-2017 - 01:30