Security Database IT Watching - Alert Detail

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

INFORMATION

Name	:	CVE-2003-1587	First Publication	:	2010-02-05
Severity	:	Medium	Last Modification	:	2010-03-12

SCORING CVSS v2

Cvss Base Score	:	5	Attack Range	:	Network
Cvss Impact Score	:	2.9	Attack Complexity	:	Low
Cvss Expoit Score	:	10	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.

CWE COMMON WEAKNESS ENUMERATION

CWE-79 - Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE COMMON PLATFORM ENUMERATION

Application : Iplanet Loganpro
- cpe:/a:iplanet:loganpro

OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

62224 : LoganPro User-Agent HTTP Header XSS.

SECONDARY(S) SOURCE(S)

Source : BUGTRAQ
Url : http://www.securityfocus.com/archive/1/313867

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/56645