PT-2002-2905 · Perception · Perception Liteserve

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2192

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Perception LiteServe version 2.0.1
Description: A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web script. This can be achieved via the Host: header when DNS wildcards are supported or through the query string in a "dir" request to indexed folders.
Recommendations: For Perception LiteServe version 2.0.1, consider disabling the ability to process arbitrary query strings in "dir" requests to indexed folders as a temporary workaround until a patch is available. Restrict access to the Host: header when DNS wildcards are supported to minimize the risk of exploitation.


Related Identifiers

CVE-2002-2192

Affected Products

Perception Liteserve