Vulnerability Description
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | Coldfusion | 6.0 |
| Microsoft | Internet Information Services | 5.0 |
| Microsoft | Windows 2000 | All versions |
Related Weaknesses (CWE)
References
- http://online.securityfocus.com/archive/1/277487
- http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
- http://www.securityfocus.com/bid/5011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9360
- http://online.securityfocus.com/archive/1/277487
- http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
- http://www.securityfocus.com/bid/5011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9360
FAQ
What is CVE-2002-1700?
CVE-2002-1700 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTT...
How severe is CVE-2002-1700?
CVE-2002-1700 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1700?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia Coldfusion, Microsoft Internet Information Services, Microsoft Windows 2000.