CVE-2002-1168
IBM Web Traffic Express Caching Proxy Server 3.6-4.0.1.25 - XSS
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
Exploits (1)
References (2)
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10454.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6001
Scores
EPSS: 0.0309
EPSS Percentile: 86.9%
Details
Status: published
Products (2)
ibm/websphere_caching_proxy_server 3.6
ibm/websphere_caching_proxy_server 4.0
Published: Nov 04, 2002
Tracked Since: Feb 18, 2026