Sign-up

ID

VAR-200212-0495


CVE

CVE-2002-1795


TITLE

Microsoft TSAC Web Package and Microsoft IIS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2002-000247

DESCRIPTION

Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Microsoft TSAC Web Package and Microsoft IIS Included in the component connect.asp Is vulnerable to cross-site scripting due to improper sanitization of external input.Microsoft TSAC Web Package and Microsoft IIS 5.1 In any web Scripts and HTML May be inserted. It is an optional component that is installed by end-users. An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site

Trust: 1.89

sources: NVD: CVE-2002-1795 // JVNDB: JVNDB-2002-000247 // BID: 5952

AFFECTED PRODUCTS

vendor:microsoftmodel:tsac activex controlscope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:tsac activex controlscope: - version: -

Trust: 0.9

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 0.8

vendor:microsoftmodel:windows 2000scope: - version: -

Trust: 0.8

vendor:microsoftmodel:windows ntscope:eqversion:4.0 (server)

Trust: 0.8

vendor:microsoftmodel:windows ntscope:eqversion:4.0 (terminal_srv)

Trust: 0.8

vendor:microsoftmodel:windows xpscope:eqversion:sp3

Trust: 0.8

sources: BID: 5952 // JVNDB: JVNDB-2002-000247 // CNNVD: CNNVD-200212-622 // NVD: CVE-2002-1795

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1795
value: MEDIUM

Trust: 1.0

NVD: CVE-2002-1795
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200212-622
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2002-1795
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2002-000247 // CNNVD: CNNVD-200212-622 // NVD: CVE-2002-1795

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1795

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-622

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200212-622

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2002-000247

PATCH
title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2002-000247

EXTERNAL IDS
db:BIDid:5952
Trust: 2.7
db:NVDid:CVE-2002-1795
Trust: 2.4
db:JVNDBid:JVNDB-2002-000247
Trust: 0.8
db:XFid:10342
Trust: 0.6
db:NSFOCUSid:3654
Trust: 0.6
db:CNNVDid:CNNVD-200212-622
Trust: 0.6
sources:
            
            
            BID: 5952 // 
            
            
            
            JVNDB: JVNDB-2002-000247 // 
            
            
            
            CNNVD: CNNVD-200212-622 // 
            
            
            
            NVD: CVE-2002-1795

REFERENCES
url:http://www.securityfocus.com/bid/5952
Trust: 2.4
url:http://www.iss.net/security_center/static/10342.php
Trust: 1.6
url:http://online.securityfocus.com/archive/1/294938
Trust: 1.0
url:http://www.lac.co.jp/security/english/snsadv_e/56_e.html
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1795
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1795
Trust: 0.8
url:http://www.nsfocus.net/vulndb/3654
Trust: 0.6
url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-046.asp
Trust: 0.3
sources:
            
            
            BID: 5952 // 
            
            
            
            JVNDB: JVNDB-2002-000247 // 
            
            
            
            CNNVD: CNNVD-200212-622 // 
            
            
            
            NVD: CVE-2002-1795

CREDITS
ARAI Yuu※ y.arai@lac.co.jp
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200212-622

SOURCES
db:BIDid:5952
db:JVNDBid:JVNDB-2002-000247
db:CNNVDid:CNNVD-200212-622
db:NVDid:CVE-2002-1795

LAST UPDATE DATE
2024-08-14T14:23:08.897000+00:00

SOURCES UPDATE DATE
db:BIDid:5952date:2002-10-11T00:00:00
db:JVNDBid:JVNDB-2002-000247date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200212-622date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1795date:2008-09-05T20:31:32.247

SOURCES RELEASE DATE
db:BIDid:5952date:2002-10-11T00:00:00
db:JVNDBid:JVNDB-2002-000247date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200212-622date:2002-10-11T00:00:00
db:NVDid:CVE-2002-1795date:2002-12-31T05:00:00