CVE-2002-1455 in OmniHTTPd
Summary
by MITRE
Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.
Analysis
by VulDB Data Team • 09/05/2025
CVE-2002-1455 is a significant security flaw in the OmniHTTPd web server software that exposes multiple cross-site scripting attack vectors. It allows remote attackers to inject malicious scripts or HTML content into web pages through three specific components: test.php, test.shtml, and redir.exe. The flaw stems from inadequate input validation and output encoding within the OmniHTTPd server implementation, which leaves each of these components as an entry point for injected content.
The technical nature of this vulnerability aligns with CWE-79, which specifically addresses cross-site scripting weaknesses in web applications. The vulnerability occurs when user-supplied input is not properly sanitized before being rendered in web page contexts, allowing attackers to inject malicious payloads that execute in the victim's browser. The three attack vectors demonstrate a systemic failure in the web server's input handling, where each component fails to adequately validate or escape user-provided data before incorporating it into dynamic web content.
From an operational perspective, this vulnerability presents a severe risk to organizations utilizing OmniHTTPd servers, as it enables attackers to perform various malicious activities including session hijacking, credential theft, and data exfiltration. The remote nature of the attack means that exploitation does not require physical access to the target system, making it particularly dangerous for web applications serving public users. Successful exploitation could lead to complete compromise of user sessions and potential lateral movement within network environments where these vulnerable servers operate.
The attack surface is particularly concerning given that OmniHTTPd was widely used in enterprise environments during the early 2000s, making this vulnerability potentially impactful across numerous organizations. The presence of multiple attack vectors increases the likelihood of successful exploitation and provides attackers with alternative pathways when one vector is blocked or patched. Organizations should consider implementing comprehensive input validation mechanisms, output encoding, and regular security assessments to mitigate such vulnerabilities. The ATT&CK framework categorizes this type of vulnerability under T1059.007 for Scripting and T1566.001 for Phishing, highlighting the broader attack patterns that leverage such XSS weaknesses. Mitigation strategies should include immediate patching of affected versions, implementation of web application firewalls, and deployment of Content Security Policy headers to prevent script execution in vulnerable contexts.
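A log check for the three scripts named in the summary, added here as an example and not taken from MITRE, VulDB or the OmniHTTPd project: it scans access-log lines for requests to test.php, test.shtml or redir.exe that carry HTML or script markup, including nested percent-encoding. The Common Log Format layout, the parameter names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Scripts named in the CVE-2002-1455 summary.
AFFECTED = ("test.php", "test.shtml", "redir.exe")
# Request line of a Common Log Format entry (assumed log layout).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup that should not reach these scripts: tag opener, event handler, javascript: URL.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon(?:error|load|click|mouseover|focus)\s*=|javascript\s*:", re.I)

# Constructed sample lines; addresses and parameter names are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2002:10:00:01 +0000] "GET /test.php?name=alice HTTP/1.0" 200 512',
    '198.51.100.7 - - [05/Sep/2002:10:00:05 +0000] "GET /test.php?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 540',
    '198.51.100.7 - - [05/Sep/2002:10:00:09 +0000] "GET /cgi-bin/redir.exe?url=%253Cimg%2520src%253Dx%2520onerror%253D1%253E HTTP/1.0" 302 0',
    '203.0.113.4 - - [05/Sep/2002:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 1024',
]


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(target):
    """True if the request names an affected script and carries markup."""
    path = target.partition("?")[0]
    # Compare lowercased segments so /TEST.PHP and /test.php/extra both count.
    segments = fully_decode(path).lower().split("/")
    if not any(seg in AFFECTED for seg in segments):
        return False
    # Extra path segments and the query string can both end up in the response.
    return bool(MARKUP_RE.search(fully_decode(target)))


def scan(lines):
    """Return (client, target) for each log line that looks like an injection attempt."""
    matches = (REQUEST_RE.search(line) for line in lines)
    return [(m.string.split(" ", 1)[0], m.group("target"))
            for m in matches if m and is_suspicious(m.group("target"))]


if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(client, target)
```

Hits from a check like this show who has been probing the affected scripts; they do not replace fixing the output encoding on the server.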