CVE-2002-1168

Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.

Published: Nov 4, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1168
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / websphere_caching_proxy_server	3.6	3.6.x
ibm / websphere_caching_proxy_server	4.0	4.0.x

http://www.iss.net/security_center/static/10454.php
http://www.securityfocus.com/bid/6001

Vulnerability Database

CVE-2002-1168