Vulnerabilities > CVE-2004-1512 - Remote vulnerability in Soft3304 04Webserver 1.42
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Web Servers |
| NASL id | 04WEBSERVER.NASL |
| description | The remote host is running a version of 04WebServer which is older than version 1.5. Such versions are affected by multiple vulnerabilities : - A cross-site scripting vulnerability in the Response_default.html script which could allow an attacker to execute arbitrary code in the user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15713 |
| published | 2004-11-13 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15713 |
| title | 04WebServer Multiple Vulnerabilities (XSS, DoS, more) |
References
- http://marc.info/?l=bugtraq&m=110012542615484&w=2
- http://marc.info/?l=bugtraq&m=110054395311823&w=2
- http://secunia.com/advisories/13159/
- http://www.security.org.sg/vuln/04webserver142.html
- http://www.securityfocus.com/bid/11652
- http://www.soft3304.net/04WebServer/Security.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18033