Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 01:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2002-10-11 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-0840
Mitre link : CVE-2002-0840
CVE.ORG link : CVE-2002-0840
JSON object : View
Products Affected
oracle
- oracle9i
- oracle8i
- database_server
- application_server
apache
- http_server
CWE