CVE-2000-1205
4.3
CVSS Score
Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Description
Cross-site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Medium
Confidentiality
None
Integrity
Partial
Availability
None
Affected Software Configurations
- cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
Weaknesses (CWE)
- CWE-79
References & External Links
- http://archive.cert.uni-stuttgart.de/bugtraq/2002/12/msg00243.html
- http://archives.neohapsis.com/archives/bugtraq/2002-12/0233.html
- http://httpd.apache.org/info/css-security/apache_specific.html
- http://marc.info/?l=bugtraq&m=118529436424127&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10938
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35597
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
CVE History Timeline
Jan 01, 2004 05:00
Initial Analysis
Jul 11, 2017 01:29
CVE Modified
Mar 30, 2021 12:15
CVE Modified
Jun 03, 2021 08:15
CVE Modified
Jun 06, 2021 11:15
CVE Modified
Nov 07, 2023 01:55
CVE Modified
May 14, 2024 01:17
CVE Modified
Nov 20, 2024 23:34
CVE Modified