Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is Off and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 1.3 (including) | 1.3 (including) |
Http_server | Apache | 1.3.1 (including) | 1.3.1 (including) |
Http_server | Apache | 1.3.3 (including) | 1.3.3 (including) |
Http_server | Apache | 1.3.4 (including) | 1.3.4 (including) |
Http_server | Apache | 1.3.6 (including) | 1.3.6 (including) |
Http_server | Apache | 1.3.9 (including) | 1.3.9 (including) |
Http_server | Apache | 1.3.11 (including) | 1.3.11 (including) |
Http_server | Apache | 1.3.12 (including) | 1.3.12 (including) |
Http_server | Apache | 1.3.14 (including) | 1.3.14 (including) |
Http_server | Apache | 1.3.17 (including) | 1.3.17 (including) |
Http_server | Apache | 1.3.18 (including) | 1.3.18 (including) |
Http_server | Apache | 1.3.19 (including) | 1.3.19 (including) |
Http_server | Apache | 1.3.20 (including) | 1.3.20 (including) |
Http_server | Apache | 1.3.22 (including) | 1.3.22 (including) |
Http_server | Apache | 1.3.23 (including) | 1.3.23 (including) |
Http_server | Apache | 1.3.24 (including) | 1.3.24 (including) |
Http_server | Apache | 1.3.25 (including) | 1.3.25 (including) |
Http_server | Apache | 1.3.26 (including) | 1.3.26 (including) |
Http_server | Apache | 2.0 (including) | 2.0 (including) |
Http_server | Apache | 2.0.28 (including) | 2.0.28 (including) |
Http_server | Apache | 2.0.32 (including) | 2.0.32 (including) |
Http_server | Apache | 2.0.35 (including) | 2.0.35 (including) |
Http_server | Apache | 2.0.36 (including) | 2.0.36 (including) |
Http_server | Apache | 2.0.37 (including) | 2.0.37 (including) |
Http_server | Apache | 2.0.38 (including) | 2.0.38 (including) |
Http_server | Apache | 2.0.39 (including) | 2.0.39 (including) |
Http_server | Apache | 2.0.40 (including) | 2.0.40 (including) |
Http_server | Apache | 2.0.41 (including) | 2.0.41 (including) |
Http_server | Apache | 2.0.42 (including) | 2.0.42 (including) |
Application_server | Oracle | 1.0.2 (including) | 1.0.2 (including) |
Application_server | Oracle | 1.0.2.1s (including) | 1.0.2.1s (including) |
Application_server | Oracle | 1.0.2.2 (including) | 1.0.2.2 (including) |
Application_server | Oracle | 9.0.2 (including) | 9.0.2 (including) |
Application_server | Oracle | 9.0.2-r2 (including) | 9.0.2-r2 (including) |
Application_server | Oracle | 9.0.2.1 (including) | 9.0.2.1 (including) |
Database_server | Oracle | 8.1.7 (including) | 8.1.7 (including) |
Database_server | Oracle | 9.2.1 (including) | 9.2.1 (including) |
Database_server | Oracle | 9.2.2 (including) | 9.2.2 (including) |
Oracle8i | Oracle | 8.1.7 (including) | 8.1.7 (including) |
Oracle8i | Oracle | 8.1.7.1 (including) | 8.1.7.1 (including) |
Oracle8i | Oracle | 8.1.7_.0.0_enterprise (including) | 8.1.7_.0.0_enterprise (including) |
Oracle8i | Oracle | 8.1.7_.1.0_enterprise (including) | 8.1.7_.1.0_enterprise (including) |
Oracle9i | Oracle | 9.0 (including) | 9.0 (including) |
Oracle9i | Oracle | 9.0.1 (including) | 9.0.1 (including) |
Oracle9i | Oracle | 9.0.1.2 (including) | 9.0.1.2 (including) |
Oracle9i | Oracle | 9.0.1.3 (including) | 9.0.1.3 (including) |
Oracle9i | Oracle | 9.0.2 (including) | 9.0.2 (including) |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Linux 6.2 | RedHat | * | |
Red Hat Linux 7.0 | RedHat | * | |
Red Hat Linux 7.1 | RedHat | * | |
Red Hat Linux 7.2 | RedHat | * | |
Red Hat Linux 7.3 | RedHat | * | |
Red Hat Linux 8.0 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * | |
Red Hat Stronghold 3 | RedHat | * | |
Red Hat Stronghold 4 | RedHat | * | |
Stronghold 4 for Red Hat Enterprise Linux | RedHat | * | |
Apache | Ubuntu | dapper | * |
Apache | Ubuntu | edgy | * |
Apache | Ubuntu | feisty | * |
Apache2 | Ubuntu | dapper | * |
Apache2 | Ubuntu | devel | * |
Apache2 | Ubuntu | edgy | * |
Apache2 | Ubuntu | feisty | * |