CVE-2002-0840 : Detail

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Metrics

EPSS

EPSS Score

EPSS Percentile

Exploit information

Exploit Database EDB-ID : 21885

Publication date : 2002-10-01 22h00 +00:00
Author : mattmurphy
EDB Verified : Yes

Products Mentioned

Configuraton 0

Apache>>Http_server >> Version 1.3

Apache>>Http_server >> Version 1.3.1

Apache>>Http_server >> Version 1.3.3

Apache>>Http_server >> Version 1.3.4

Apache>>Http_server >> Version 1.3.6

Apache>>Http_server >> Version 1.3.9

Apache>>Http_server >> Version 1.3.11

Apache>>Http_server >> Version 1.3.12

Apache>>Http_server >> Version 1.3.14

Apache>>Http_server >> Version 1.3.17

Apache>>Http_server >> Version 1.3.18

Apache>>Http_server >> Version 1.3.19

Apache>>Http_server >> Version 1.3.20

Apache>>Http_server >> Version 1.3.22

Apache>>Http_server >> Version 1.3.23

Apache>>Http_server >> Version 1.3.24

Apache>>Http_server >> Version 1.3.25

Apache>>Http_server >> Version 1.3.26

Apache>>Http_server >> Version 2.0

Apache>>Http_server >> Version 2.0.28

Apache>>Http_server >> Version 2.0.32

Apache>>Http_server >> Version 2.0.35

Apache>>Http_server >> Version 2.0.36

Apache>>Http_server >> Version 2.0.37

Apache>>Http_server >> Version 2.0.38

Apache>>Http_server >> Version 2.0.39

Apache>>Http_server >> Version 2.0.40

Apache>>Http_server >> Version 2.0.41

Apache>>Http_server >> Version 2.0.42

Oracle>>Application_server >> Version 1.0.2

Oracle>>Application_server >> Version 1.0.2.1s

Oracle>>Application_server >> Version 1.0.2.2

Oracle>>Application_server >> Version 9.0.2

Oracle>>Application_server >> Version 9.0.2

Oracle>>Application_server >> Version 9.0.2.1

Oracle>>Database_server >> Version 8.1.7

Oracle>>Database_server >> Version 9.2.1

Oracle>>Database_server >> Version 9.2.2

Oracle>>Oracle8i >> Version 8.1.7

Oracle>>Oracle8i >> Version 8.1.7.1

Oracle>>Oracle8i >> Version 8.1.7_.0.0_enterprise

Oracle>>Oracle8i >> Version 8.1.7_.1.0_enterprise

Oracle>>Oracle9i >> Version 9.0

Oracle>>Oracle9i >> Version 9.0.1

Oracle>>Oracle9i >> Version 9.0.1.2

Oracle>>Oracle9i >> Version 9.0.1.3

Oracle>>Oracle9i >> Version 9.0.2

References