Vulnerability Details : CVE-2000-1205
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
Vulnerability category: Cross site scripting (XSS)
Threat overview for CVE-2000-1205
Top countries where our scanners detected CVE-2000-1205
Top open port discovered on systems with this issue
80
IPs affected by CVE-2000-1205 374
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2000-1205!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2000-1205
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2000-1205
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2000-1205
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2000-1205
-
Apache 2008-07-02Fixed in Apache HTTP Server 1.3.12: http://httpd.apache.org/security/vulnerabilities_13.html
-
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2
-
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/10938
-
http://archives.neohapsis.com/archives/bugtraq/2002-12/0233.html
-
http://archive.cert.uni-stuttgart.de/bugtraq/2002/12/msg00243.html
-
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Pony Mail!
-
http://marc.info/?l=bugtraq&m=118529436424127&w=2
-
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s
-
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2
-
http://httpd.apache.org/info/css-security/apache_specific.html
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/35597
- cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*