Lucene search

[email protected]CVE-2003-0768

HistorySep 22, 2003 - 4:00 a.m.

CVE-2003-0768

2003-09-2204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

asp.net

xss

bypass

null character

tag name

6.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.951 High

EPSS

Percentile

99.3%

JSON

Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.

CPENameOperatorVersion
microsoft:asp.netmicrosoft asp.neteq1.1

CPE	Name	Operator	Version
microsoft:asp.net	microsoft asp.net	eq	1.1

References

marc.info/?l=bugtraq&m=106304326916062&w=2

6.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.951 High

EPSS

Percentile

99.3%

JSON