CVE-2003-1511

Bajie Java HTTP Server 0.95-0.95zxv4 - Cross-Site Scripting via Query String or Servlet Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1511. PoCs published by Oliver Karow.

AI-analyzed exploit summary The provided text describes multiple cross-site scripting (XSS) vulnerabilities in Bajie HTTP Server's demonstration scripts and servlets. It includes example URLs and HTTP requests that could be used to exploit these vulnerabilities by injecting malicious scripts.

Description

Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Oliver Karow · textremotemultiple

https://www.exploit-db.com/exploits/23257

View Code ZIP pw:eip

The provided text describes multiple cross-site scripting (XSS) vulnerabilities in Bajie HTTP Server's demonstration scripts and servlets. It includes example URLs and HTTP requests that could be used to exploit these vulnerabilities by injecting malicious scripts.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Bajie HTTP Server (version not specified)

No auth needed

Prerequisites: Access to the vulnerable server · User interaction to follow malicious links

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

http://www.geocities.com/gzhangx/websrv/docs/security.html

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/8841

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10023

Exploit mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/341452

Exploit third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3306

Scores

EPSS 0.0363

EPSS Percentile 88.0%

Details

CWE

CWE-79

Status published

Products (1)

bajie/java_http_server 0.95 (6 CPE variants)

Published Dec 31, 2003

Tracked Since Feb 18, 2026