[email protected]NVD:CVE-2003-0442

HistoryJul 24, 2003 - 4:00 a.m.

CVE-2003-0442

2003-07-2404:00:00

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

Affected configurations

NVD

Node

phpphpRange≤4.3.1

Node

redhatlinuxMatch8.0

redhatlinuxMatch9.0

References

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691

marc.info/?l=bugtraq&m=105449314612963&w=2

marc.info/?l=bugtraq&m=105760591228031&w=2

shh.thathost.com/secadv/2003-05-11-php.txt

www.ciac.org/ciac/bulletins/n-112.shtml

www.debian.org/security/2003/dsa-351

www.mandriva.com/security/advisories?name=MDKSA-2003:082

www.osvdb.org/4758

www.redhat.com/support/errata/RHSA-2003-204.html

www.securityfocus.com/bid/7761

www.securitytracker.com/id?1008653

www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt

exchange.xforce.ibmcloud.com/vulnerabilities/12259

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for NVD:CVE-2003-0442

securityvulns1 cvelist1 openvas2 cve1 debian1 osv1 nessus3