CVE-2002-1785

Current Description

Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.

Referenced by CVEs: CVE-2010-0363

Basic Data

Published: December 31, 2002
Last Modified: September 05, 2008
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 1.9
Severity: LOW
Exploitability Score: 3.4
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
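    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Zeus Technologies | Zeus Web Server | 4.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Zeus Technologies | Zeus Web Server | 4.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Zeus Technologies | Zeus Web Server | 4.1_r1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Zeus Technologies | Zeus Web Server | 4.1_r2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Zeus Technologies | Zeus Web Server | 4.1_r3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Zeus Technologies | Zeus Web Server | 4.1_r4 | * | * | * | * | * | * | * | | | | |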

Vulnerable Software List

| Vendor | Product | Versions |
| Zeus Technologies | Zeus Web Server | 4.0, 4.1, 4.1_r1, 4.1_r2, 4.1_r3, 4.1_r4 |

References

| Name | Source | URL | Tags |
| 20021108 Zeus Admin Server v4.1r2 index.fcgi XSS bug | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2002-11/0104.html | Exploit, Vendor Advisory |
| 20021211 Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug | BUGTRAQ | http://online.securityfocus.com/archive/1/302961 | Exploit, Vendor Advisory |
| zeus-admin-index-xss(10567) | XF | http://www.iss.net/security_center/static/10567.php | |
| 6144 | BID | http://www.securityfocus.com/bid/6144 | Exploit, PATCH |