CVE-2002-1445

CERN Proxy Server - Cross-Site Scripting via Error Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1445. PoCs published by TAKAGI Hiromitsu.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in CERN httpd Proxy. The vulnerability allows arbitrary HTML or script code to be embedded in error messages, which can execute in the context of the proxy server's error page.

Description

Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by TAKAGI Hiromitsu · textremoteunix
https://www.exploit-db.com/exploits/21704

This is a writeup describing a cross-site scripting (XSS) vulnerability in CERN httpd Proxy. The vulnerability allows arbitrary HTML or script code to be embedded in error messages, which can execute in the context of the proxy server's error page.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: CERN httpd Proxy
No auth needed
Prerequisites: Browser configured to use CERN httpd as a proxy
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5447
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9834.php

Scores

EPSS 0.0387
EPSS Percentile 88.9%

Details

Status published
Products (1)
w3c/cern_httpd 3.0
Published Aug 12, 2002
Tracked Since Feb 18, 2026