ID
VAR-200306-0097
CVE
CVE-2003-0223
TITLE
Microsoft IIS of URL Cross-site scripting vulnerability in redirect handling
Trust: 0.8
DESCRIPTION
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. An attacker could exploit this issue by enticing a web user to a malicious link which contains hostile HTML or script code. This code may be rendered in the user's browser when the redirection error page is displayed
Trust: 1.89
AFFECTED PRODUCTS
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 4.0 | Trust: 1.6 |
| vendor: | microsoft | model: | internet information services | scope: | eq | version: | 5.0 | Trust: 1.6 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 5.1 | Trust: 1.1 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 5.0 | Trust: 1.1 |
| vendor: | microsoft | model: | iis | scope: | eq | version: | 4.0 | Trust: 1.1 |
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 5.0 | Trust: 0.6 |
| vendor: | microsoft | model: | internet information server | scope: | eq | version: | 5.1 | Trust: 0.6 |
| vendor: | microsoft | model: | iis | scope: | ne | version: | 6.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | MS03-018 | url: | http://www.microsoft.com/technet/security/bulletin/ms03-018.asp | Trust: 0.8 |
| title: | MS03-018 | url: | http://www.microsoft.com/japan/technet/security/bulletin/MS03-018.mspx | Trust: 0.8 |
| title: | Microsoft Internet Information Services Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134892 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2003-0223 | Trust: 2.7 |
| db: | BID | id: | 7731 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2003-000154 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-200306-037 | Trust: 0.6 |
REFERENCES
| url: | https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a66 | Trust: 1.6 |
| url: | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018 | Trust: 1.6 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0223 | Trust: 0.8 |
| url: | http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0223 | Trust: 0.8 |
| url: | http://www.securityfocus.com/bid/7731 | Trust: 0.8 |
| url: | http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp | Trust: 0.3 |
| url: | http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-018.asp | Trust: 0.3 |
CREDITS
Microsoft Security Bulletin
Trust: 0.6
SOURCES
| db: | BID | id: | 7731 |
| db: | JVNDB | id: | JVNDB-2003-000154 |
| db: | CNNVD | id: | CNNVD-200306-037 |
| db: | NVD | id: | CVE-2003-0223 |
LAST UPDATE DATE
2025-04-03T22:19:19.510000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 7731 | date: | 2009-07-11T22:06:00 |
| db: | JVNDB | id: | JVNDB-2003-000154 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200306-037 | date: | 2020-11-25T00:00:00 |
| db: | NVD | id: | CVE-2003-0223 | date: | 2025-04-03T01:03:51.193 |
SOURCES RELEASE DATE
| db: | BID | id: | 7731 | date: | 2003-05-28T00:00:00 |
| db: | JVNDB | id: | JVNDB-2003-000154 | date: | 2007-04-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-200306-037 | date: | 2003-05-27T00:00:00 |
| db: | NVD | id: | CVE-2003-0223 | date: | 2003-06-09T04:00:00 |