Search for vulnerabilities
Vulnerability details: VCID-z8jb-gzdv-aaab
Vulnerability ID VCID-z8jb-gzdv-aaab
Aliases CVE-2000-1205
Summary Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00423 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00423 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00423 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.00423 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.04115 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
epss 0.05656 https://api.first.org/data/v1/epss?cve=CVE-2000-1205
apache_httpd important https://httpd.apache.org/security/json/CVE-2000-1205.json
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2000-1205
Reference id Reference type URL
http://archive.cert.uni-stuttgart.de/bugtraq/2002/12/msg00243.html
http://archives.neohapsis.com/archives/bugtraq/2002-12/0233.html
http://httpd.apache.org/info/css-security/apache_specific.html
http://marc.info/?l=bugtraq&m=118529436424127&w=2
https://api.first.org/data/v1/epss?cve=CVE-2000-1205
https://exchange.xforce.ibmcloud.com/vulnerabilities/10938
https://exchange.xforce.ibmcloud.com/vulnerabilities/35597
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
CVE-2000-1205 https://httpd.apache.org/security/json/CVE-2000-1205.json
CVE-2000-1205 https://nvd.nist.gov/vuln/detail/CVE-2000-1205
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2000-1205
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.65824
EPSS Score 0.00256
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.