{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2003-0063", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-22T14:39:07.212Z", "dateReserved": "2003-02-04T00:00:00", "datePublished": "2004-09-01T04:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-15T10:05:53.568606"}, "descriptions": [{"lang": "en", "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "DSA-380", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2003/dsa-380"}, {"name": "RHSA-2003:067", "tags": ["vendor-advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"}, {"name": "RHSA-2003:066", "tags": ["vendor-advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list"], "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"}, {"name": "RHSA-2003:064", "tags": ["vendor-advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"}, {"name": "RHSA-2003:065", "tags": ["vendor-advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"}, {"name": "6940", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/6940"}, {"name": "terminal-emulator-window-title(11414)", "tags": ["vdb-entry"], "url": "http://www.iss.net/security_center/static/11414.php"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"}, {"name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2003-02-24T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:43:35.241Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-380", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2003/dsa-380"}, {"name": "RHSA-2003:067", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"}, {"name": "RHSA-2003:066", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"}, {"name": "RHSA-2003:064", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"}, {"name": "RHSA-2003:065", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"}, {"name": "6940", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/6940"}, {"name": "terminal-emulator-window-title(11414)", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.iss.net/security_center/static/11414.php"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_transferred"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"}, {"name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-150", "lang": "en", "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences"}]}], "affected": [{"vendor": "xfree86", "product": "xfree86", "cpes": ["cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.2.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T17:38:21.119752Z", "id": "CVE-2003-0063", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-22T14:39:07.212Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.debian.org/security/2003/dsa-380", "name": "DSA-380", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-067.html", "name": "RHSA-2003:067", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-066.html", "name": "RHSA-2003:066", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-064.html", "name": "RHSA-2003:064", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-065.html", "name": "RHSA-2003:065", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/6940", "name": "6940", "tags": ["vdb-entry", "x_transferred"]}, {"url": "http://www.iss.net/security_center/static/11414.php", "name": "terminal-emulator-window-title(11414)", "tags": ["vdb-entry", "x_transferred"]}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/15/1", "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:43:35.241Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2003-0063", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-24T17:38:21.119752Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*"], "vendor": "xfree86", "product": "xfree86", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.2.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-150", "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T17:39:25.055Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-02-24T00:00:00", "references": [{"url": "http://www.debian.org/security/2003/dsa-380", "name": "DSA-380", "tags": ["vendor-advisory"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-067.html", "name": "RHSA-2003:067", "tags": ["vendor-advisory"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-066.html", "name": "RHSA-2003:066", "tags": ["vendor-advisory"]}, {"url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2", "name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-064.html", "name": "RHSA-2003:064", "tags": ["vendor-advisory"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-065.html", "name": "RHSA-2003:065", "tags": ["vendor-advisory"]}, {"url": "http://www.securityfocus.com/bid/6940", "name": "6940", "tags": ["vdb-entry"]}, {"url": "http://www.iss.net/security_center/static/11414.php", "name": "terminal-emulator-window-title(11414)", "tags": ["vdb-entry"]}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html", "name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/15/1", "name": "[oss-security] 20240615 iTerm2 3.5.x title reporting bug", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-15T10:05:53.568606"}}}, "cveMetadata": {"cveId": "CVE-2003-0063", "state": "PUBLISHED", "dateUpdated": "2024-08-22T14:39:07.212Z", "dateReserved": "2003-02-04T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2004-09-01T04:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1BCC09AA-AB01-4583-8052-66DBF0E1861D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "43425C85-806B-4823-AD74-D0A0465FC8DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "90FA67D9-8296-4534-8354-51B830DE3499", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AC4F566-5D54-4364-B5AA-F846A0C8FCEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F9D1BD9-4300-43B5-A87B-E2BF74E55C87", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."}, {"lang": "es", "value": "El emulador de terminal xterm en XFree86 4.2.0 permite a atacantes modificar el t\u00edtulo de la ventana mediante cierta secuencia de caracter de escape y a continuaci\u00f3n insertarlo de vuelta en la linea de comando en el terminal del usuario, por ejemplo, cuando el usuario ve un fichero que contiene la secuencia maliciosa, lo que podr\u00eda permitir ejecutar comandos arbitrarios."}], "id": "CVE-2003-0063", "lastModified": "2024-08-22T15:35:00.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2003-03-03T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-380"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/11414.php"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6940"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-150"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2003:065", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2003-06-25T00:00:00Z"}, {"advisory": "RHSA-2003:065", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux ES version 2.1", "release_date": "2003-06-25T00:00:00Z"}, {"advisory": "RHSA-2003:065", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux WS version 2.1", "release_date": "2003-06-25T00:00:00Z"}, {"advisory": "RHSA-2003:064", "cpe": "cpe:/o:redhat:linux:7.1", "product_name": "Red Hat Linux 7.1", "release_date": "2003-06-25T00:00:00Z"}, {"advisory": "RHSA-2003:064", "cpe": "cpe:/o:redhat:linux:7.2", "product_name": "Red Hat Linux 7.2", "release_date": "2003-06-25T00:00:00Z"}, {"advisory": "RHSA-2003:066", "cpe": "cpe:/o:redhat:linux:7.3", "product_name": "Red Hat Linux 7.3", "release_date": "2003-06-25T00:00:00Z"}, {"advisory": "RHSA-2003:067", "cpe": "cpe:/o:redhat:linux:8.0", "product_name": "Red Hat Linux 8.0", "release_date": "2003-06-25T00:00:00Z"}, {"advisory": "RHSA-2003:065", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Linux Advanced Workstation 2.1", "release_date": "2003-06-25T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1616948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616948"}, "csaw": false, "details": ["The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."], "name": "CVE-2003-0063", "public_date": "2003-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2003-0063\nhttps://nvd.nist.gov/vuln/detail/CVE-2003-0063"], "threat_severity": "Moderate"}