Lucene search

[email protected]CVE-2005-4502

HistoryDec 22, 2005 - 9:03 p.m.

CVE-2005-4502

2005-12-2221:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4502

cross-site scripting

xss

httprint

version v202

security vulnerability

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON

Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to the user.

CPENameOperatorVersion
net-square:httprintnet-square httprinteq202

CPE	Name	Operator	Version
net-square:httprint	net-square httprint	eq	202

References

lists.grok.org.uk/pipermail/full-disclosure/2005-December/040532.html

net-square.com/httprint/#history

secunia.com/advisories/18208

securitytracker.com/id?1015403

www.cybsec.com/vuln/CYBSEC_Security_Advisory_httprint_Multiple_Vulnerabilities.pdf

www.securityfocus.com/archive/1/420101/100/0/threaded

www.securityfocus.com/bid/16031

www.vupen.com/english/advisories/2005/3070

exchange.xforce.ibmcloud.com/vulnerabilities/23885

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.013 Low

EPSS

Percentile

85.4%

JSON