Lucene search

[email protected]CVE-2003-0442

HistoryJul 24, 2003 - 4:00 a.m.

CVE-2003-0442

2003-07-2404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-0442

cross-site scripting

xss

php

session.use_trans_sid

remote attackers

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%

JSON

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

CPENameOperatorVersion
php:phpphple4.3.1
redhat:linuxredhat linuxeq8.0
redhat:linuxredhat linuxeq9.0

CPE	Name	Operator	Version
php:php	php	le	4.3.1
redhat:linux	redhat linux	eq	8.0
redhat:linux	redhat linux	eq	9.0

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691

marc.info/?l=bugtraq&m=105449314612963&w=2

marc.info/?l=bugtraq&m=105760591228031&w=2

shh.thathost.com/secadv/2003-05-11-php.txt

www.ciac.org/ciac/bulletins/n-112.shtml

www.debian.org/security/2003/dsa-351

www.mandriva.com/security/advisories?name=MDKSA-2003:082

www.osvdb.org/4758

www.redhat.com/support/errata/RHSA-2003-204.html

www.securityfocus.com/bid/7761

www.securitytracker.com/id?1008653

www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt

exchange.xforce.ibmcloud.com/vulnerabilities/12259

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2003-0442

openvas2 debian1 osv1 nessus3 securityvulns1 cvelist1