CVE-2001-0835 - OpenCVE

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bradford Barrett	Webalizer

Configuration 1 [-]

cpe:2.3:a:bradford_barrett:webalizer:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=100394630702875&w=2
http://www.linuxsecurity.com/advisories/other_advisory-1677.html
http://www.mrunix.net/webalizer/news.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2001-140.html
http://www.redhat.com/support/errata/RHSA-2001-141.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/3473	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
https://exchange.xforce.ibmcloud.com/vulnerabilities/7351

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2001-11-22T05:00:00

Updated: 2017-12-18T21:57:01

Reserved: 2001-11-22T00:00:00

Link: CVE-2001-0835

JSON object: View

NVD Information

Status : Modified

Published: 2001-12-06T05:00:00.000

Modified: 2017-12-19T02:29:27.597

Link: CVE-2001-0835

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-10-24T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-18T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3473", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3473"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mrunix.net/webalizer/news.html"}, {"name": "RHSA-2001:141", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2001-141.html"}, {"name": "SuSE-SA:2001:040", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html"}, {"name": "ESA-20011101-01", "tags": ["vendor-advisory", "x_refsource_ENGARDE"], "url": "http://www.linuxsecurity.com/advisories/other_advisory-1677.html"}, {"name": "webalizer-html-tags-keywords(7351)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7351"}, {"name": "webalizer-html-tag-host(7350)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7350"}, {"name": "RHSA-2001:140", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2001-140.html"}, {"name": "20011024 Cross-site Scripting Flaw in webalizer", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=100394630702875&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0835", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3473", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3473"}, {"name": "http://www.mrunix.net/webalizer/news.html", "refsource": "CONFIRM", "url": "http://www.mrunix.net/webalizer/news.html"}, {"name": "RHSA-2001:141", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-141.html"}, {"name": "SuSE-SA:2001:040", "refsource": "SUSE", "url": "http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html"}, {"name": "ESA-20011101-01", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/other_advisory-1677.html"}, {"name": "webalizer-html-tags-keywords(7351)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7351"}, {"name": "webalizer-html-tag-host(7350)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7350"}, {"name": "RHSA-2001:140", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-140.html"}, {"name": "20011024 Cross-site Scripting Flaw in webalizer", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=100394630702875&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0835", "datePublished": "2001-11-22T05:00:00", "dateReserved": "2001-11-22T00:00:00", "dateUpdated": "2017-12-18T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bradford_barrett:webalizer:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5701FB3-1F15-4E08-83B3-35128DE54AE3", "versionEndIncluding": "2.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup."}], "id": "CVE-2001-0835", "lastModified": "2017-12-19T02:29:27.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-12-06T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=100394630702875&w=2"}, {"source": "cve@mitre.org", "url": "http://www.linuxsecurity.com/advisories/other_advisory-1677.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.mrunix.net/webalizer/news.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-140.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2001-141.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/3473"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7350"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7351"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}