Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-10-25T04:00:00

Updated: 2024-08-08T03:19:27.687Z

Reserved: 2002-09-27T00:00:00

Link: CVE-2002-1168

Vulnrichment

No data.

NVD

Status: Modified

Published: 2002-11-04T05:00:00.000

Modified: 2024-11-20T23:40:44.430

Link: CVE-2002-1168

Redhat

No data.