CVE Vulnerabilities

CVE-2002-0840

Published: Oct 11, 2002 | Modified: Nov 07, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is Off and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.0.42 2.0.42
Application_server Oracle 9.0.2.1 9.0.2.1
Http_server Apache 1.3.23 1.3.23
Oracle9i Oracle 9.0.1 9.0.1
Oracle9i Oracle 9.0.2 9.0.2
Oracle8i Oracle 8.1.7_.0.0_enterprise 8.1.7_.0.0_enterprise
Database_server Oracle 8.1.7 8.1.7
Http_server Apache 2.0.35 2.0.35
Http_server Apache 2.0.37 2.0.37
Http_server Apache 1.3.1 1.3.1
Http_server Apache 1.3.25 1.3.25
Oracle9i Oracle 9.0 9.0
Http_server Apache 1.3.19 1.3.19
Database_server Oracle 9.2.1 9.2.1
Http_server Apache 2.0.39 2.0.39
Http_server Apache 1.3.24 1.3.24
Application_server Oracle 9.0.2 9.0.2
Http_server Apache 1.3.20 1.3.20
Http_server Apache 1.3.6 1.3.6
Http_server Apache 2.0.41 2.0.41
Oracle8i Oracle 8.1.7.1 8.1.7.1
Oracle8i Oracle 8.1.7 8.1.7
Http_server Apache 1.3.4 1.3.4
Oracle8i Oracle 8.1.7_.1.0_enterprise 8.1.7_.1.0_enterprise
Http_server Apache 1.3.18 1.3.18
Http_server Apache 2.0.32 2.0.32
Oracle9i Oracle 9.0.1.3 9.0.1.3
Application_server Oracle 1.0.2.1s 1.0.2.1s
Http_server Apache 2.0.38 2.0.38
Http_server Apache 1.3 1.3
Http_server Apache 1.3.12 1.3.12
Application_server Oracle 9.0.2 9.0.2
Http_server Apache 1.3.3 1.3.3
Http_server Apache 1.3.17 1.3.17
Oracle9i Oracle 9.0.1.2 9.0.1.2
Http_server Apache 1.3.26 1.3.26
Http_server Apache 1.3.9 1.3.9
Http_server Apache 2.0.40 2.0.40
Http_server Apache 2.0.36 2.0.36
Http_server Apache 1.3.14 1.3.14
Http_server Apache 1.3.22 1.3.22
Http_server Apache 1.3.11 1.3.11
Application_server Oracle 1.0.2.2 1.0.2.2
Http_server Apache 2.0.28 2.0.28
Database_server Oracle 9.2.2 9.2.2
Http_server Apache 2.0 2.0
Application_server Oracle 1.0.2 1.0.2

References