Bajie HTTP Server 实例脚本和程序跨站脚本漏洞

漏洞信息详情

Bajie HTTP Server 实例脚本和程序跨站脚本漏洞

• CNNVD编号：CNNVD-200312-124
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-1511
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2003-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2003-12-31
  
• 厂        商：
  
  bajie
• 漏洞来源：
  .’);”>Discovery of this …

Bajie Java HTTP Server 0.95 到0.95zxv4版本存在跨站脚本（XSS）漏洞。远程攻击者借助（1）test.txt的字符串查询，（2）custMsg程序的guestName参数，或者（3）CookieExample程序的cookiename参数注入任意web脚本或者HTML。

The author has fixed this issue in version 0.95zxv4 versions available on October 16th.
Bajie Java HTTP Server 0.95 d

• Bajie httpsrv.95zxv4rel.zip
  
  http://www.utdallas.edu/~gxz014000/websrv/httpsrv.95zxv4rel.zip

Bajie Java HTTP Server 0.95 zxv4

• Bajie httpsrv.95zxv4rel.zip
  
  http://www.utdallas.edu/~gxz014000/websrv/httpsrv.95zxv4rel.zip

Bajie Java HTTP Server 0.95 zxe

• Bajie httpsrv.95zxv4rel.zip
  
  http://www.utdallas.edu/~gxz014000/websrv/httpsrv.95zxv4rel.zip

Bajie Java HTTP Server 0.95 zxe1

• Bajie httpsrv.95zxv4rel.zip
  
  http://www.utdallas.edu/~gxz014000/websrv/httpsrv.95zxv4rel.zip

Bajie Java HTTP Server 0.95

• Bajie httpsrv.95zxv4rel.zip
  
  http://www.utdallas.edu/~gxz014000/websrv/httpsrv.95zxv4rel.zip

Bajie Java HTTP Server 0.95 zxc

• Bajie httpsrv.95zxv4rel.zip
  
  http://www.utdallas.edu/~gxz014000/websrv/httpsrv.95zxv4rel.zip

来源: BID
名称: 8841
链接:http://www.securityfocus.com/bid/8841

来源: BUGTRAQ
名称: 20031016 CSS Vulnerability in Bajie HTTP JServer
链接:http://www.securityfocus.com/archive/1/341452

来源: SREASON
名称: 3306
链接:http://securityreason.com/securityalert/3306

来源: SECUNIA
名称: 10023
链接:http://secunia.com/advisories/10023

来源: www.geocities.com
链接:http://www.geocities.com/gzhangx/websrv/docs/security.html