CVE-2003-0442 - OpenCVE

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Linux
Php	Php

Configuration 1 [-]

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:linux:8.0:::::::*
	cpe:2.3:o:redhat:linux:9.0:::::::*

References

Link	Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
http://marc.info/?l=bugtraq&m=105449314612963&w=2
http://marc.info/?l=bugtraq&m=105760591228031&w=2
http://shh.thathost.com/secadv/2003-05-11-php.txt	Exploit Patch Vendor Advisory
http://www.ciac.org/ciac/bulletins/n-112.shtml
http://www.debian.org/security/2003/dsa-351
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
http://www.osvdb.org/4758
http://www.redhat.com/support/errata/RHSA-2003-204.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/7761
http://www.securitytracker.com/id?1008653
http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/12259
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-06-20T04:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2003-06-18T00:00:00

Link: CVE-2003-0442

JSON object: View

NVD Information

Status : Modified

Published: 2003-07-24T04:00:00.000

Modified: 2018-05-03T01:29:20.257

Link: CVE-2003-0442

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-05-30T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MDKSA-2003:082", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:082"}, {"name": "1008653", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1008653"}, {"name": "7761", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7761"}, {"name": "CLSA-2003:691", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691"}, {"tags": ["x_refsource_MISC"], "url": "http://shh.thathost.com/secadv/2003-05-11-php.txt"}, {"name": "DSA-351", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-351"}, {"name": "php-session-id-xss(12259)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12259"}, {"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2"}, {"name": "TLSA-2003-47", "tags": ["vendor-advisory", "x_refsource_TURBO"], "url": "http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt"}, {"name": "oval:org.mitre.oval:def:485", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485"}, {"name": "20030530 PHP Trans SID XSS (Was: New php release with security fixes)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105449314612963&w=2"}, {"name": "4758", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/4758"}, {"name": "N-112", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/n-112.shtml"}, {"name": "RHSA-2003:204", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-204.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0442", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDKSA-2003:082", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:082"}, {"name": "1008653", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1008653"}, {"name": "7761", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7761"}, {"name": "CLSA-2003:691", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691"}, {"name": "http://shh.thathost.com/secadv/2003-05-11-php.txt", "refsource": "MISC", "url": "http://shh.thathost.com/secadv/2003-05-11-php.txt"}, {"name": "DSA-351", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-351"}, {"name": "php-session-id-xss(12259)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12259"}, {"name": "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2"}, {"name": "TLSA-2003-47", "refsource": "TURBO", "url": "http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt"}, {"name": "oval:org.mitre.oval:def:485", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485"}, {"name": "20030530 PHP Trans SID XSS (Was: New php release with security fixes)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105449314612963&w=2"}, {"name": "4758", "refsource": "OSVDB", "url": "http://www.osvdb.org/4758"}, {"name": "N-112", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-112.shtml"}, {"name": "RHSA-2003:204", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-204.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0442", "datePublished": "2003-06-20T04:00:00", "dateReserved": "2003-06-18T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BAF4C14-87E2-4AC2-9EF6-7A6E9D776D09", "versionEndIncluding": "4.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la capacidad de soporte transparente de SID en PHP anteriores a 4.3.2 (session.use_trans_sid) permite a atacantes remotos insertar script arbitrario mediante el par\u00e1metro PHPSESSID"}], "id": "CVE-2003-0442", "lastModified": "2018-05-03T01:29:20.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-07-24T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105449314612963&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105760591228031&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://shh.thathost.com/secadv/2003-05-11-php.txt"}, {"source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-112.shtml"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-351"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:082"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/4758"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-204.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7761"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1008653"}, {"source": "cve@mitre.org", "url": "http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12259"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}