CVE-2000-1205
Apache HTTP Server 1.3.0-1.3.11 - Cross-Site Scripting via ap_send_error_response Function
Title source: llmDescription
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
References (11)
Core 11
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-12/0233.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=118529436424127&w=2
Various Sources mailing-list
x_refsource_bugtraq
http://archive.cert.uni-stuttgart.de/bugtraq/2002/12/msg00243.html
Patch, Vendor Advisory x_refsource_confirm
http://httpd.apache.org/info/css-security/apache_specific.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10938
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35597
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Scores
EPSS
0.2346
EPSS Percentile
97.5%
Details
CWE
CWE-79
Status
published
Products (12)
apache/http_server
1.3.0
apache/http_server
1.3.1
apache/http_server
1.3.2
apache/http_server
1.3.3
apache/http_server
1.3.4
apache/http_server
1.3.5
apache/http_server
1.3.6
apache/http_server
1.3.7
apache/http_server
1.3.8
apache/http_server
1.3.9
... and 2 more
Published
Feb 01, 2000
Tracked Since
Feb 18, 2026