27 vulnerabilities by W3C
CVE-2025-1781 (GCVE-0-2025-1781)
Vulnerability from cvelistv5 – Published: 2025-03-28 13:48 – Updated: 2025-03-28 14:31 – CWE-611 - Improper Restriction of XML External Entity Reference
| Vendor | Product | Version | |
|---|---|---|---|
| W3C | CSS Validator | Affected: < cssval-20250226 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:31:41.439285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:31:48.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CSS Validator",
"vendor": "W3C",
"versions": [
{
"status": "affected",
"version": "\u003c cssval-20250226"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a XXE in W3CSS Validator versions before\u0026nbsp;cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).\u0026nbsp; This could be exploited to read arbitrary local files if an attacker has access to exception messages."
}
],
"value": "There is a XXE in W3CSS Validator versions before\u00a0cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).\u00a0 This could be exploited to read arbitrary local files if an attacker has access to exception messages."
}
],
"impacts": [
{
"capecId": "CAPEC-228",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-228 DTD Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:48:22.127Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-745m-xmq6-g6x7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-1781",
"datePublished": "2025-03-28T13:48:22.127Z",
"dateReserved": "2025-02-28T15:27:33.252Z",
"dateUpdated": "2025-03-28T14:31:48.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-125108 (GCVE-0-2014-125108)
Vulnerability from cvelistv5 – Published: 2023-12-23 16:31 – Updated: 2024-08-06 14:10 – CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.248849 | vdb-entry |
| https://vuldb.com/?ctiid.248849 | signature, permissions-required |
| https://github.com/w3c/online-spellchecker-py/com… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| w3c | online-spellchecker-py | Affected: 20140130 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2014-125108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T21:32:30.345733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:32:36.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.248849"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.248849"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "online-spellchecker-py",
"vendor": "w3c",
"versions": [
{
"status": "affected",
"version": "20140130"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in w3c online-spellchecker-py bis 20140130 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei spellchecker. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Patch wird als d6c21fd8187c5db2a50425ff80694149e75d722e bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T16:31:04.015Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.248849"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.248849"
},
{
"tags": [
"patch"
],
"url": "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e"
}
],
"timeline": [
{
"lang": "en",
"time": "2014-01-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2014-01-31T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2023-12-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-12-22T08:10:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "w3c online-spellchecker-py spellchecker cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2014-125108",
"datePublished": "2023-12-23T16:31:04.015Z",
"dateReserved": "2023-12-22T07:04:45.294Z",
"dateUpdated": "2024-08-06T14:10:56.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4296 (GCVE-0-2021-4296)
Vulnerability from cvelistv5 – Published: 2022-12-29 08:52 – Updated: 2024-08-03 17:23 – CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217019 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.217019 | signature, permissions-required |
| https://github.com/w3c/Unicorn/pull/212 | issue-tracking |
| https://github.com/w3c/Unicorn/commit/51f75c31f7f… | patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217019"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217019"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/w3c/Unicorn/pull/212"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/w3c/Unicorn/commit/51f75c31f7fc33859a9a571311c67ae4e95d9c68"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unicorn",
"vendor": "w3c",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in w3c Unicorn entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um die Funktion ValidatorNuMessage der Datei src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. Dank der Manipulation des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 51f75c31f7fc33859a9a571311c67ae4e95d9c68 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-29T08:52:08.121Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217019"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217019"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/w3c/Unicorn/pull/212"
},
{
"tags": [
"patch"
],
"url": "https://github.com/w3c/Unicorn/commit/51f75c31f7fc33859a9a571311c67ae4e95d9c68"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-29T09:57:05.000Z",
"value": "VulDB last update"
}
],
"title": "w3c Unicorn ValidatorNuMessage.java ValidatorNuMessage cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4296",
"datePublished": "2022-12-29T08:52:08.121Z",
"dateReserved": "2022-12-29T08:51:01.214Z",
"dateUpdated": "2024-08-03T17:23:10.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4070 (GCVE-0-2020-4070)
Vulnerability from cvelistv5 – Published: 2020-06-22 15:40 – Updated: 2024-08-04 07:52 – CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://github.com/w3c/css-validator/security/adv… | x_refsource_CONFIRM |
| https://github.com/w3c/css-validator/commit/e5c09… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| World Wide Web Consortium (W3C) | CSS Validator | Affected: <= 54d68a1 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CSS Validator",
"vendor": "World Wide Web Consortium (W3C)",
"versions": [
{
"status": "affected",
"version": "\u003c= 54d68a1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T15:40:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b"
}
],
"source": {
"advisory": "GHSA-wf36-7w73-rh8c",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting in CSS Validator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4070",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting in CSS Validator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CSS Validator",
"version": {
"version_data": [
{
"version_value": "\u003c= 54d68a1"
}
]
}
}
]
},
"vendor_name": "World Wide Web Consortium (W3C)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c",
"refsource": "CONFIRM",
"url": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c"
},
{
"name": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b",
"refsource": "MISC",
"url": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b"
}
]
},
"source": {
"advisory": "GHSA-wf36-7w73-rh8c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4070",
"datePublished": "2020-06-22T15:40:12.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6005 (GCVE-0-2008-6005)
Vulnerability from cvelistv5 – Published: 2009-01-28 20:00 – Updated: 2024-08-07 11:13 – Problem type: n/a
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/33736 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15"
},
{
"name": "33736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via \"duplicated\" attribute value inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15"
},
{
"name": "33736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via \"duplicated\" attribute value inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15"
},
{
"name": "33736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6005",
"datePublished": "2009-01-28T20:00:00.000Z",
"dateReserved": "2009-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:13:13.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5282 (GCVE-0-2008-5282)
Vulnerability from cvelistv5 – Published: 2008-11-29 02:00 – Updated: 2024-08-07 10:49 – Problem type: n/a
| URL | Tags |
|---|---|
| http://www.bmgsec.com.au/advisory/40/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/498583/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/32442 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/4657 | third-party-advisory, x_refsource_SREASON |
| http://osvdb.org/50282 | vdb-entry, x_refsource_OSVDB |
| http://osvdb.org/50283 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/498578/100… | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/32848 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/3255 | vdb-entry, x_refsource_VUPEN |
| http://www.bmgsec.com.au/advisory/41/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bmgsec.com.au/advisory/40/"
},
{
"name": "20081124 Amaya (id) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498583/100/0/threaded"
},
{
"name": "32442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32442"
},
{
"name": "4657",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4657"
},
{
"name": "50282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50282"
},
{
"name": "50283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50283"
},
{
"name": "20081124 Amaya (URL Bar) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498578/100/0/threaded"
},
{
"name": "32848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32848"
},
{
"name": "ADV-2008-3255",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3255"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bmgsec.com.au/advisory/41/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bmgsec.com.au/advisory/40/"
},
{
"name": "20081124 Amaya (id) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498583/100/0/threaded"
},
{
"name": "32442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32442"
},
{
"name": "4657",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4657"
},
{
"name": "50282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50282"
},
{
"name": "50283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50283"
},
{
"name": "20081124 Amaya (URL Bar) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498578/100/0/threaded"
},
{
"name": "32848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32848"
},
{
"name": "ADV-2008-3255",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3255"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bmgsec.com.au/advisory/41/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bmgsec.com.au/advisory/40/",
"refsource": "MISC",
"url": "http://www.bmgsec.com.au/advisory/40/"
},
{
"name": "20081124 Amaya (id) Remote Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498583/100/0/threaded"
},
{
"name": "32442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32442"
},
{
"name": "4657",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4657"
},
{
"name": "50282",
"refsource": "OSVDB",
"url": "http://osvdb.org/50282"
},
{
"name": "50283",
"refsource": "OSVDB",
"url": "http://osvdb.org/50283"
},
{
"name": "20081124 Amaya (URL Bar) Remote Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498578/100/0/threaded"
},
{
"name": "32848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32848"
},
{
"name": "ADV-2008-3255",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3255"
},
{
"name": "http://www.bmgsec.com.au/advisory/41/",
"refsource": "MISC",
"url": "http://www.bmgsec.com.au/advisory/41/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5282",
"datePublished": "2008-11-29T02:00:00.000Z",
"dateReserved": "2008-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1900 (GCVE-0-2006-1900)
Vulnerability from cvelistv5 – Published: 2006-04-20 10:00 – Updated: 2024-08-07 17:27 – Problem type: n/a
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1351 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/430877/100… | mailing-list, x_refsource_BUGTRAQ |
| http://morph3us.org/advisories/20060412-amaya-94.txt | x_refsource_MISC |
| http://secunia.com/advisories/19670 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/17507 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/24624 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/430879/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/24623 | vdb-entry, x_refsource_OSVDB |
| http://morph3us.org/advisories/20060412-amaya-94-2.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1351",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1351"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430877/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94.txt"
},
{
"name": "19670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19670"
},
{
"name": "17507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17507"
},
{
"name": "24624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24624"
},
{
"name": "amaya-various-attribute-bo(25791)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25791"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430879/100/0/threaded"
},
{
"name": "24623",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24623"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of \"dozens of possible snippets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1351",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1351"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430877/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94.txt"
},
{
"name": "19670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19670"
},
{
"name": "17507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17507"
},
{
"name": "24624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24624"
},
{
"name": "amaya-various-attribute-bo(25791)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25791"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430879/100/0/threaded"
},
{
"name": "24623",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24623"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of \"dozens of possible snippets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1351",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1351"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430877/100/0/threaded"
},
{
"name": "http://morph3us.org/advisories/20060412-amaya-94.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060412-amaya-94.txt"
},
{
"name": "19670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19670"
},
{
"name": "17507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17507"
},
{
"name": "24624",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24624"
},
{
"name": "amaya-various-attribute-bo(25791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25791"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430879/100/0/threaded"
},
{
"name": "24623",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24623"
},
{
"name": "http://morph3us.org/advisories/20060412-amaya-94-2.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060412-amaya-94-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1900",
"datePublished": "2006-04-20T10:00:00.000Z",
"dateReserved": "2006-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3183 (GCVE-0-2005-3183)
Vulnerability from cvelistv5 – Published: 2005-10-12 04:00 – Updated: 2024-08-07 23:01 – Problem type: n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9653",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9653"
},
{
"name": "MDKSA-2005:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:210"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "FEDORA-2005-953",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/9444"
},
{
"name": "FEDORA-2005-952",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/9445"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597"
},
{
"name": "RHSA-2007:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0208.html"
},
{
"name": "17814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17814"
},
{
"name": "17122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17122"
},
{
"name": "17489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17489"
},
{
"name": "USN-220-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/220-1/"
},
{
"name": "19193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19193"
},
{
"name": "SCOSA-2006.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name": "15035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15035"
},
{
"name": "17119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9653",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9653"
},
{
"name": "MDKSA-2005:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:210"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "FEDORA-2005-953",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/advisories/9444"
},
{
"name": "FEDORA-2005-952",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/advisories/9445"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597"
},
{
"name": "RHSA-2007:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0208.html"
},
{
"name": "17814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17814"
},
{
"name": "17122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17122"
},
{
"name": "17489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17489"
},
{
"name": "USN-220-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/220-1/"
},
{
"name": "19193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19193"
},
{
"name": "SCOSA-2006.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name": "15035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15035"
},
{
"name": "17119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17119"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3183",
"datePublished": "2005-10-12T04:00:00.000Z",
"dateReserved": "2005-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:58.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2274 (GCVE-0-2004-2274)
Vulnerability from cvelistv5 – Published: 2005-07-19 04:00 – Updated: 2024-08-08 01:22 – Problem type: n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1009169 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15298 | vdb-entry, x_refsource_XF |
| http://www.w3.org/Jigsaw/RelNotes.html#2.2.4 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/9711 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/4014 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/10975 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1009169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009169"
},
{
"name": "jigsaw-url-execute-code(15298)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
},
{
"name": "9711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9711"
},
{
"name": "4014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4014"
},
{
"name": "10975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1009169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009169"
},
{
"name": "jigsaw-url-execute-code(15298)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
},
{
"name": "9711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9711"
},
{
"name": "4014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4014"
},
{
"name": "10975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1009169",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009169"
},
{
"name": "jigsaw-url-execute-code(15298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298"
},
{
"name": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4",
"refsource": "CONFIRM",
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
},
{
"name": "9711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9711"
},
{
"name": "4014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4014"
},
{
"name": "10975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2274",
"datePublished": "2005-07-19T04:00:00.000Z",
"dateReserved": "2005-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:13.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1053 (GCVE-0-2002-1053)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:12 – Problem type: n/a
| URL | Tags |
|---|---|
| http://www.osvdb.org/4015 | vdb-entry, x_refsource_OSVDB |
| http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.iss.net/security_center/static/9914.php | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/5506 | vdb-entry, x_refsource_BID |
| http://www.w3.org/Jigsaw/RelNotes.html#2.2.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4015"
},
{
"name": "20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html"
},
{
"name": "jigsaw-http-proxy-xss(9914)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9914.php"
},
{
"name": "5506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4015"
},
{
"name": "20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html"
},
{
"name": "jigsaw-http-proxy-xss(9914)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9914.php"
},
{
"name": "5506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4015"
},
{
"name": "20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html"
},
{
"name": "jigsaw-http-proxy-xss(9914)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9914.php"
},
{
"name": "5506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5506"
},
{
"name": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1",
"refsource": "CONFIRM",
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1053",
"datePublished": "2003-04-02T05:00:00.000Z",
"dateReserved": "2002-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:12:17.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1445 (GCVE-0-2002-1445)
Vulnerability from cvelistv5 – Published: 2003-03-18 05:00 – Updated: 2024-08-08 03:26 – Problem type: n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/5447 | vdb-entry, x_refsource_BID |
| http://www.iss.net/security_center/static/9834.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name": "5447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5447"
},
{
"name": "cern-proxy-xss(9834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9834.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name": "5447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5447"
},
{
"name": "cern-proxy-xss(9834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9834.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name": "5447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5447"
},
{
"name": "cern-proxy-xss(9834)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9834.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1445",
"datePublished": "2003-03-18T05:00:00.000Z",
"dateReserved": "2003-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:26:28.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1052 (GCVE-0-2002-1052)
Vulnerability from cvelistv5 – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12 – Problem type: n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/5258 | vdb-entry, x_refsource_BID |
| http://www.iss.net/security_center/static/9587.php | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=102691753204392&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=102692936820193&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.iss.net/security_center/static/9586.php | vdb-entry, x_refsource_XF |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html | mailing-list, x_refsource_VULNWATCH |
| http://www.securityfocus.com/bid/5251 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5258"
},
{
"name": "jigsaw-dos-device-dos(9587)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9587.php"
},
{
"name": "20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102691753204392\u0026w=2"
},
{
"name": "20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102692936820193\u0026w=2"
},
{
"name": "jigsaw-aux-path-disclosure(9586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9586.php"
},
{
"name": "20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html"
},
{
"name": "5251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5251"
},
{
"name": "20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the \"con\" device, or (2) obtain the physical path of the server using two requests to the \"aux\" device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5258"
},
{
"name": "jigsaw-dos-device-dos(9587)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9587.php"
},
{
"name": "20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102691753204392\u0026w=2"
},
{
"name": "20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102692936820193\u0026w=2"
},
{
"name": "jigsaw-aux-path-disclosure(9586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9586.php"
},
{
"name": "20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html"
},
{
"name": "5251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5251"
},
{
"name": "20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the \"con\" device, or (2) obtain the physical path of the server using two requests to the \"aux\" device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5258"
},
{
"name": "jigsaw-dos-device-dos(9587)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9587.php"
},
{
"name": "20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102691753204392\u0026w=2"
},
{
"name": "20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102692936820193\u0026w=2"
},
{
"name": "jigsaw-aux-path-disclosure(9586)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9586.php"
},
{
"name": "20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html"
},
{
"name": "5251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5251"
},
{
"name": "20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1052",
"datePublished": "2002-08-31T04:00:00.000Z",
"dateReserved": "2002-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:12:17.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0079 (GCVE-0-2000-0079)
Vulnerability from cvelistv5 – Published: 2000-02-04 05:00 – Updated: 2024-08-08 05:05 – Problem type: n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/936 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "936",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2001-12-16T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "936",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0079",
"datePublished": "2000-02-04T05:00:00.000Z",
"dateReserved": "2000-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:05:53.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1781 (GCVE-0-2025-1781)
Vulnerability from nvd – Published: 2025-03-28 13:48 – Updated: 2025-03-28 14:31 – CWE-611: Improper Restriction of XML External Entity Reference
| Vendor | Product | Version | |
|---|---|---|---|
| W3C | CSS Validator | Affected: < cssval-20250226 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:31:41.439285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:31:48.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CSS Validator",
"vendor": "W3C",
"versions": [
{
"status": "affected",
"version": "\u003c cssval-20250226"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a XXE in W3CSS Validator versions before\u0026nbsp;cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).\u0026nbsp; This could be exploited to read arbitrary local files if an attacker has access to exception messages."
}
],
"value": "There is a XXE in W3CSS Validator versions before\u00a0cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF).\u00a0 This could be exploited to read arbitrary local files if an attacker has access to exception messages."
}
],
"impacts": [
{
"capecId": "CAPEC-228",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-228 DTD Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:48:22.127Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/security-research/security/advisories/GHSA-745m-xmq6-g6x7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2025-1781",
"datePublished": "2025-03-28T13:48:22.127Z",
"dateReserved": "2025-02-28T15:27:33.252Z",
"dateUpdated": "2025-03-28T14:31:48.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-125108 (GCVE-0-2014-125108)
Vulnerability from nvd – Published: 2023-12-23 16:31 – Updated: 2024-08-06 14:10 – CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.248849 | vdb-entry |
| https://vuldb.com/?ctiid.248849 | signature, permissions-required |
| https://github.com/w3c/online-spellchecker-py/com… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| w3c | online-spellchecker-py | Affected: 20140130 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2014-125108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T21:32:30.345733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T21:32:36.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.248849"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.248849"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "online-spellchecker-py",
"vendor": "w3c",
"versions": [
{
"status": "affected",
"version": "20140130"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in w3c online-spellchecker-py bis 20140130 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei spellchecker. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Patch wird als d6c21fd8187c5db2a50425ff80694149e75d722e bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-23T16:31:04.015Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.248849"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.248849"
},
{
"tags": [
"patch"
],
"url": "https://github.com/w3c/online-spellchecker-py/commit/d6c21fd8187c5db2a50425ff80694149e75d722e"
}
],
"timeline": [
{
"lang": "en",
"time": "2014-01-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2014-01-31T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2023-12-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-12-22T08:10:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "w3c online-spellchecker-py spellchecker cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2014-125108",
"datePublished": "2023-12-23T16:31:04.015Z",
"dateReserved": "2023-12-22T07:04:45.294Z",
"dateUpdated": "2024-08-06T14:10:56.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4296 (GCVE-0-2021-4296)
Vulnerability from nvd – Published: 2022-12-29 08:52 – Updated: 2024-08-03 17:23 – CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217019 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.217019 | signature, permissions-required |
| https://github.com/w3c/Unicorn/pull/212 | issue-tracking |
| https://github.com/w3c/Unicorn/commit/51f75c31f7f… | patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217019"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217019"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/w3c/Unicorn/pull/212"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/w3c/Unicorn/commit/51f75c31f7fc33859a9a571311c67ae4e95d9c68"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unicorn",
"vendor": "w3c",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in w3c Unicorn entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um die Funktion ValidatorNuMessage der Datei src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. Dank der Manipulation des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Patch wird als 51f75c31f7fc33859a9a571311c67ae4e95d9c68 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-29T08:52:08.121Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217019"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217019"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/w3c/Unicorn/pull/212"
},
{
"tags": [
"patch"
],
"url": "https://github.com/w3c/Unicorn/commit/51f75c31f7fc33859a9a571311c67ae4e95d9c68"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-29T09:57:05.000Z",
"value": "VulDB last update"
}
],
"title": "w3c Unicorn ValidatorNuMessage.java ValidatorNuMessage cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4296",
"datePublished": "2022-12-29T08:52:08.121Z",
"dateReserved": "2022-12-29T08:51:01.214Z",
"dateUpdated": "2024-08-03T17:23:10.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4070 (GCVE-0-2020-4070)
Vulnerability from nvd – Published: 2020-06-22 15:40 – Updated: 2024-08-04 07:52 – CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://github.com/w3c/css-validator/security/adv… | x_refsource_CONFIRM |
| https://github.com/w3c/css-validator/commit/e5c09… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| World Wide Web Consortium (W3C) | CSS Validator | Affected: <= 54d68a1 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CSS Validator",
"vendor": "World Wide Web Consortium (W3C)",
"versions": [
{
"status": "affected",
"version": "\u003c= 54d68a1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T15:40:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b"
}
],
"source": {
"advisory": "GHSA-wf36-7w73-rh8c",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting in CSS Validator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4070",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting in CSS Validator"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CSS Validator",
"version": {
"version_data": [
{
"version_value": "\u003c= 54d68a1"
}
]
}
}
]
},
"vendor_name": "World Wide Web Consortium (W3C)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c",
"refsource": "CONFIRM",
"url": "https://github.com/w3c/css-validator/security/advisories/GHSA-wf36-7w73-rh8c"
},
{
"name": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b",
"refsource": "MISC",
"url": "https://github.com/w3c/css-validator/commit/e5c09a9119167d3064db786d5f00d730b584a53b"
}
]
},
"source": {
"advisory": "GHSA-wf36-7w73-rh8c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4070",
"datePublished": "2020-06-22T15:40:12.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:52:20.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6005 (GCVE-0-2008-6005)
Vulnerability from nvd – Published: 2009-01-28 20:00 – Updated: 2024-08-07 11:13 – n/a
| URL | Tags |
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/33736 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:13:13.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15"
},
{
"name": "33736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via \"duplicated\" attribute value inputs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15"
},
{
"name": "33736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via \"duplicated\" attribute value inputs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15"
},
{
"name": "33736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6005",
"datePublished": "2009-01-28T20:00:00.000Z",
"dateReserved": "2009-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:13:13.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5282 (GCVE-0-2008-5282)
Vulnerability from nvd – Published: 2008-11-29 02:00 – Updated: 2024-08-07 10:49 – n/a
| URL | Tags |
|---|---|
| http://www.bmgsec.com.au/advisory/40/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/498583/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/32442 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/4657 | third-party-advisory, x_refsource_SREASON |
| http://osvdb.org/50282 | vdb-entry, x_refsource_OSVDB |
| http://osvdb.org/50283 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/498578/100… | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/32848 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/3255 | vdb-entry, x_refsource_VUPEN |
| http://www.bmgsec.com.au/advisory/41/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bmgsec.com.au/advisory/40/"
},
{
"name": "20081124 Amaya (id) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498583/100/0/threaded"
},
{
"name": "32442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32442"
},
{
"name": "4657",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4657"
},
{
"name": "50282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50282"
},
{
"name": "50283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50283"
},
{
"name": "20081124 Amaya (URL Bar) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498578/100/0/threaded"
},
{
"name": "32848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32848"
},
{
"name": "ADV-2008-3255",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3255"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bmgsec.com.au/advisory/41/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bmgsec.com.au/advisory/40/"
},
{
"name": "20081124 Amaya (id) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498583/100/0/threaded"
},
{
"name": "32442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32442"
},
{
"name": "4657",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4657"
},
{
"name": "50282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50282"
},
{
"name": "50283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50283"
},
{
"name": "20081124 Amaya (URL Bar) Remote Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498578/100/0/threaded"
},
{
"name": "32848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32848"
},
{
"name": "ADV-2008-3255",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3255"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bmgsec.com.au/advisory/41/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bmgsec.com.au/advisory/40/",
"refsource": "MISC",
"url": "http://www.bmgsec.com.au/advisory/40/"
},
{
"name": "20081124 Amaya (id) Remote Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498583/100/0/threaded"
},
{
"name": "32442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32442"
},
{
"name": "4657",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4657"
},
{
"name": "50282",
"refsource": "OSVDB",
"url": "http://osvdb.org/50282"
},
{
"name": "50283",
"refsource": "OSVDB",
"url": "http://osvdb.org/50283"
},
{
"name": "20081124 Amaya (URL Bar) Remote Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498578/100/0/threaded"
},
{
"name": "32848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32848"
},
{
"name": "ADV-2008-3255",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3255"
},
{
"name": "http://www.bmgsec.com.au/advisory/41/",
"refsource": "MISC",
"url": "http://www.bmgsec.com.au/advisory/41/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5282",
"datePublished": "2008-11-29T02:00:00.000Z",
"dateReserved": "2008-11-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:49:12.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1900 (GCVE-0-2006-1900)
Vulnerability from nvd – Published: 2006-04-20 10:00 – Updated: 2024-08-07 17:27 – n/a
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/1351 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/430877/100… | mailing-list, x_refsource_BUGTRAQ |
| http://morph3us.org/advisories/20060412-amaya-94.txt | x_refsource_MISC |
| http://secunia.com/advisories/19670 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/17507 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/24624 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/430879/100… | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/24623 | vdb-entry, x_refsource_OSVDB |
| http://morph3us.org/advisories/20060412-amaya-94-2.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1351",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1351"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430877/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94.txt"
},
{
"name": "19670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19670"
},
{
"name": "17507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17507"
},
{
"name": "24624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24624"
},
{
"name": "amaya-various-attribute-bo(25791)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25791"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430879/100/0/threaded"
},
{
"name": "24623",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24623"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94-2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of \"dozens of possible snippets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1351",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1351"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430877/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94.txt"
},
{
"name": "19670",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19670"
},
{
"name": "17507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17507"
},
{
"name": "24624",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24624"
},
{
"name": "amaya-various-attribute-bo(25791)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25791"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430879/100/0/threaded"
},
{
"name": "24623",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24623"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://morph3us.org/advisories/20060412-amaya-94-2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of \"dozens of possible snippets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1351",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1351"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430877/100/0/threaded"
},
{
"name": "http://morph3us.org/advisories/20060412-amaya-94.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060412-amaya-94.txt"
},
{
"name": "19670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19670"
},
{
"name": "17507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17507"
},
{
"name": "24624",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24624"
},
{
"name": "amaya-various-attribute-bo(25791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25791"
},
{
"name": "20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430879/100/0/threaded"
},
{
"name": "24623",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24623"
},
{
"name": "http://morph3us.org/advisories/20060412-amaya-94-2.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20060412-amaya-94-2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1900",
"datePublished": "2006-04-20T10:00:00.000Z",
"dateReserved": "2006-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:27:29.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3183 (GCVE-0-2005-3183)
Vulnerability from nvd – Published: 2005-10-12 04:00 – Updated: 2024-08-07 23:01- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:58.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9653",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9653"
},
{
"name": "MDKSA-2005:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:210"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "FEDORA-2005-953",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/9444"
},
{
"name": "FEDORA-2005-952",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/9445"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597"
},
{
"name": "RHSA-2007:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0208.html"
},
{
"name": "17814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17814"
},
{
"name": "17122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17122"
},
{
"name": "17489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17489"
},
{
"name": "USN-220-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/220-1/"
},
{
"name": "19193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19193"
},
{
"name": "SCOSA-2006.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name": "15035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15035"
},
{
"name": "17119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9653",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9653"
},
{
"name": "MDKSA-2005:210",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:210"
},
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "FEDORA-2005-953",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/advisories/9444"
},
{
"name": "FEDORA-2005-952",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/advisories/9445"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159597"
},
{
"name": "RHSA-2007:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0208.html"
},
{
"name": "17814",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17814"
},
{
"name": "17122",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17122"
},
{
"name": "17489",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17489"
},
{
"name": "USN-220-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/220-1/"
},
{
"name": "19193",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19193"
},
{
"name": "SCOSA-2006.10",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name": "15035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15035"
},
{
"name": "17119",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17119"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3183",
"datePublished": "2005-10-12T04:00:00.000Z",
"dateReserved": "2005-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:58.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2274 (GCVE-0-2004-2274)
Vulnerability from nvd – Published: 2005-07-19 04:00 – Updated: 2024-08-08 01:22- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1009169 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://www.w3.org/Jigsaw/RelNotes.html#2.2.4 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/9711 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/4014 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/10975 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1009169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009169"
},
{
"name": "jigsaw-url-execute-code(15298)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
},
{
"name": "9711",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9711"
},
{
"name": "4014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4014"
},
{
"name": "10975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1009169",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009169"
},
{
"name": "jigsaw-url-execute-code(15298)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
},
{
"name": "9711",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9711"
},
{
"name": "4014",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4014"
},
{
"name": "10975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1009169",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009169"
},
{
"name": "jigsaw-url-execute-code(15298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298"
},
{
"name": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4",
"refsource": "CONFIRM",
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
},
{
"name": "9711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9711"
},
{
"name": "4014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4014"
},
{
"name": "10975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2274",
"datePublished": "2005-07-19T04:00:00.000Z",
"dateReserved": "2005-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:13.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1052 (GCVE-0-2002-1052)
Vulnerability from nvd – Published: 2002-08-31 04:00 – Updated: 2024-08-08 03:12- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/5258 | vdb-entry, x_refsource_BID |
| http://www.iss.net/security_center/static/9587.php | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=102691753204392&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=102692936820193&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.iss.net/security_center/static/9586.php | vdb-entry, x_refsource_XF |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-list, x_refsource_VULNWATCH |
| http://www.securityfocus.com/bid/5251 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5258"
},
{
"name": "jigsaw-dos-device-dos(9587)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9587.php"
},
{
"name": "20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102691753204392\u0026w=2"
},
{
"name": "20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102692936820193\u0026w=2"
},
{
"name": "jigsaw-aux-path-disclosure(9586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9586.php"
},
{
"name": "20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html"
},
{
"name": "5251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5251"
},
{
"name": "20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the \"con\" device, or (2) obtain the physical path of the server using two requests to the \"aux\" device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5258"
},
{
"name": "jigsaw-dos-device-dos(9587)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9587.php"
},
{
"name": "20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102691753204392\u0026w=2"
},
{
"name": "20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102692936820193\u0026w=2"
},
{
"name": "jigsaw-aux-path-disclosure(9586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9586.php"
},
{
"name": "20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html"
},
{
"name": "5251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5251"
},
{
"name": "20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the \"con\" device, or (2) obtain the physical path of the server using two requests to the \"aux\" device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5258"
},
{
"name": "jigsaw-dos-device-dos(9587)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9587.php"
},
{
"name": "20020717 KPMG-2002031: Jigsaw Webserver Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102691753204392\u0026w=2"
},
{
"name": "20020717 KPMG-2002034: Jigsaw Webserver DOS device DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102692936820193\u0026w=2"
},
{
"name": "jigsaw-aux-path-disclosure(9586)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9586.php"
},
{
"name": "20020717 [VulnWatch] KPMG-2002034: Jigsaw Webserver DOS device DoS",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0031.html"
},
{
"name": "5251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5251"
},
{
"name": "20020717 [VulnWatch] KPMG-2002031: Jigsaw Webserver Path Disclosure",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0028.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1052",
"datePublished": "2002-08-31T04:00:00.000Z",
"dateReserved": "2002-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:12:17.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1053 (GCVE-0-2002-1053)
Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 03:12- n/a
| URL | Tags |
|---|---|
| http://www.osvdb.org/4015 | vdb-entry, x_refsource_OSVDB |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://www.iss.net/security_center/static/9914.php | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/5506 | vdb-entry, x_refsource_BID |
| http://www.w3.org/Jigsaw/RelNotes.html#2.2.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4015"
},
{
"name": "20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html"
},
{
"name": "jigsaw-http-proxy-xss(9914)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9914.php"
},
{
"name": "5506",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-25T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4015",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4015"
},
{
"name": "20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html"
},
{
"name": "jigsaw-http-proxy-xss(9914)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9914.php"
},
{
"name": "5506",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4015"
},
{
"name": "20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html"
},
{
"name": "jigsaw-http-proxy-xss(9914)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9914.php"
},
{
"name": "5506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5506"
},
{
"name": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1",
"refsource": "CONFIRM",
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1053",
"datePublished": "2003-04-02T05:00:00.000Z",
"dateReserved": "2002-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:12:17.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1445 (GCVE-0-2002-1445)
Vulnerability from nvd – Published: 2003-03-18 05:00 – Updated: 2024-08-08 03:26- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/5447 | vdb-entry, x_refsource_BID |
| http://www.iss.net/security_center/static/9834.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name": "5447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5447"
},
{
"name": "cern-proxy-xss(9834)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9834.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name": "5447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5447"
},
{
"name": "cern-proxy-xss(9834)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9834.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name": "5447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5447"
},
{
"name": "cern-proxy-xss(9834)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9834.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1445",
"datePublished": "2003-03-18T05:00:00.000Z",
"dateReserved": "2003-02-05T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:26:28.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0079 (GCVE-0-2000-0079)
Vulnerability from nvd – Published: 2000-02-04 05:00 – Updated: 2024-08-08 05:05- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/936 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "936",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2001-12-16T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "936",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0079",
"datePublished": "2000-02-04T05:00:00.000Z",
"dateReserved": "2000-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:05:53.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201702-0605
Vulnerability from variot - Updated: 2023-12-18 13:29
The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code. W3C High Resolution Time API is a set of JavaScript interfaces for the current time format that provides sub-millisecond resolution for web applications. A security vulnerability exists in W3C High Resolution Time API. An attacker could exploit the vulnerability to implement an AnC attack with specially crafted JavaScript code. W3C High Resolution Time API is prone to a security vulnerability. Attackers can exploit this issue to bypass certain security restrictions and gain access to some sensitive information. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0605",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "high resolution time api",
"scope": "eq",
"trust": 1.0,
"vendor": "w3",
"version": null
},
{
"model": "high resolution time",
"scope": null,
"trust": 0.8,
"vendor": "w3c",
"version": null
},
{
"model": "high resolution time api",
"scope": null,
"trust": 0.6,
"vendor": "w3c",
"version": null
},
{
"model": "high resolution time api",
"scope": "eq",
"trust": 0.6,
"vendor": "w3c",
"version": null
},
{
"model": "high resolution time api",
"scope": "eq",
"trust": 0.3,
"vendor": "w3c",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"db": "BID",
"id": "97036"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:w3:high_resolution_time_api:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5928"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VUSec",
"sources": [
{
"db": "BID",
"id": "97036"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5928",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5928",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-02599",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-5928",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5928",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2017-02599",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-923",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now \"Time to Tick\" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code. The W3C High Resolution Time API is a set of JavaScript interfaces that provide the current time to web applications in a format with sub-millisecond resolution. A security vulnerability exists in the W3C High Resolution Time API. An attacker could exploit the vulnerability to carry out an AnC attack with specially crafted JavaScript code. The W3C High Resolution Time API is prone to a security vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and gain access to some sensitive information. This may aid in further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"db": "BID",
"id": "97036"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5928",
"trust": 3.3
},
{
"db": "BID",
"id": "97036",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002232",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-02599",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201702-923",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"db": "BID",
"id": "97036"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
]
},
"id": "VAR-201702-0605",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02599"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02599"
}
]
},
"last_update_date": "2023-12-18T13:29:25.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "High Resolution Time Level 3",
"trust": 0.8,
"url": "https://www.w3.org/tr/hr-time-3/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-361",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"db": "NVD",
"id": "CVE-2017-5928"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/97036"
},
{
"trust": 1.6,
"url": "https://www.vusec.net/projects/anc"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5928"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5928"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/97036/info"
},
{
"trust": 0.8,
"url": "https://www.vusec.net/projects/anc/"
},
{
"trust": 0.3,
"url": "https://www.w3.org/tr/hr-time-3/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"db": "BID",
"id": "97036"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"db": "BID",
"id": "97036"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"date": "2017-02-27T00:00:00",
"db": "BID",
"id": "97036"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"date": "2017-02-27T07:59:00.270000",
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02599"
},
{
"date": "2017-03-29T04:01:00",
"db": "BID",
"id": "97036"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002232"
},
{
"date": "2021-09-13T12:04:51.793000",
"db": "NVD",
"id": "CVE-2017-5928"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability allowing AnC attacks in the W3C High Resolution Time API as implemented in multiple web browsers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002232"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-923"
}
],
"trust": 0.6
}
}