CVE-2004-2115: XSS
First published: Fri Dec 31 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle HTTP Server | =9.0.1 | |
| Oracle HTTP Server | =8.1.7 | |
| Oracle HTTP Server | =9.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2115?
CVE-2004-2115 has been classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2004-2115?
To fix CVE-2004-2115, it is recommended to upgrade Oracle HTTP Server to a version that is not affected by this vulnerability.
What are the affected versions of Oracle HTTP Server for CVE-2004-2115?
CVE-2004-2115 affects Oracle HTTP Server versions 8.1.7, 9.0.1, and 9.2.0.
What types of attacks can exploit CVE-2004-2115?
CVE-2004-2115 can be exploited to perform cross-site scripting attacks, allowing attackers to execute arbitrary scripts in the context of another user.
Who is at risk from CVE-2004-2115?
Users of Oracle HTTP Server versions 8.1.7, 9.0.1, and 9.2.0 are at risk of exploitation due to CVE-2004-2115.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/oracle
- product/http server
- canonical/oracle http server
- version/oracle http server/8.1.7
- version/oracle http server/9.0.1
- version/oracle http server/9.2.0