ID CVE-2003-0526
Summary Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:isa_server:2000:fp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 12-10-2018 - 21:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2011-04-25T04:00:04.930-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Jeff Cheng
    organization Opsware, Inc.
  • name Akihito Nakamura
    organization AIST
description Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
family windows
id oval:org.mitre.oval:def:117
status accepted
submitted 2003-10-03T12:00:00.000-04:00
title Microsoft ISA Server Cross-Site Scripting
version 5
refmap via4
bugtraq
  • 20030716 ISA Server - Error Page Cross Site Scripting
  • 20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
misc http://pivx.com/larholm/adv/TL006
ms MS03-028
ntbugtraq 20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
vulnwatch
  • 20030716 ISA Server - Error Page Cross Site Scripting
  • 20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)
Last major update 12-10-2018 - 21:32
Published 18-08-2003 - 04:00