Cross-Site Scripting Vulnerability in IBM Web Traffic Express Proxy Server
CVE-2002-1168

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
4 November 2002

Summary

A cross-site scripting vulnerability exists in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x releases prior to 4.0.1.26. The flaw allows remote attackers to inject malicious scripts into web pages viewed by other users. By crafting an HTTP request that includes a specially formatted Location: header containing a CRLF sequence (%0a%0d), attackers can execute scripts in the context of the victim's session. This puts user data at risk and can lead to further security breaches if not mitigated.
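A defensive check for the pattern described above, added here as an example and not taken from IBM's product or its fix: it flags percent-encoded CR/LF (including nested encoding) in logged request targets and refuses to emit a Location header built from such a value. The log format, the `/redir?to=` path, the `X-Test` marker and all function names are constructed assumptions.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

def has_header_break(value: str) -> bool:
    """True if value holds CR or LF, raw or percent-encoded (possibly nested)."""
    current = value
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if "\r" in current or "\n" in current:
            return True
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            return False
        current = decoded
    return False

def build_location_header(target: str) -> str:
    """Mitigation side: never echo a value that could split the header block."""
    if has_header_break(target):
        raise ValueError("CR/LF in redirect target")
    return f"Location: {target}\r\n"

# Common-log-style line: client ... "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*"')

def flag_requests(lines):
    """Detection side: return (client, target) for requests carrying CR/LF."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_header_break(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log lines (documentation addresses, harmless marker header).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Nov/2002:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [04/Nov/2002:10:00:05 +0000] "GET /redir?to=/home%0a%0dX-Test:1 HTTP/1.0" 302 0',
    '192.0.2.12 - - [04/Nov/2002:10:00:09 +0000] "GET /redir?to=/home%250d%250aX-Test:1 HTTP/1.0" 302 0',
    '192.0.2.13 - - [04/Nov/2002:10:00:12 +0000] "GET /search?q=100%25+off HTTP/1.0" 200 128',
]

if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(f"suspicious request from {client}: {target}")
```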

Timeline

  • Vulnerability published

  • Vulnerability Reserved
