CVE-2000-1205 — Cross-site Scripting in Apache Http Server

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

5.7%

top 9.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedFeb 1

Latest updateApr 30

Description

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plai…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server12 versions+11

Patches

Patch: httpd.apache.org ↗Patch: httpd.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-qv5j-rh3g-jc8x: Cross site scripting vulnerabilities in Apache 1↗2022-04-30

▶

CVEList

CVE-2000-1205: Cross site scripting vulnerabilities in Apache 1↗2002-08-31

▶

📋Vendor Advisories

Red Hat

CVE-2007-4049: No description is available for this CVE↗

▶