Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:39
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I - | |
References | () http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html - | |
References | () http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html - | |
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 - | |
References | () http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=103357160425708&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=103376585508776&w=2 - | |
References | () http://online.securityfocus.com/advisories/4617 - | |
References | () http://www.apacheweek.com/issues/02-10-04 - Vendor Advisory | |
References | () http://www.debian.org/security/2002/dsa-187 - | |
References | () http://www.debian.org/security/2002/dsa-188 - | |
References | () http://www.debian.org/security/2002/dsa-195 - | |
References | () http://www.kb.cert.org/vuls/id/240329 - US Government Resource | |
References | () http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php - | |
References | () http://www.linuxsecurity.com/advisories/other_advisory-2414.html - | |
References | () http://www.osvdb.org/862 - | |
References | () http://www.redhat.com/support/errata/RHSA-2002-222.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2002-243.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2002-244.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2002-248.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2002-251.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2003-106.html - | |
References | () http://www.securityfocus.com/bid/5847 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/10241 - | |
References | () https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E - |
07 Nov 2023, 01:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2002-10-11 04:00
Updated : 2024-11-20 23:39
NVD link : CVE-2002-0840
Mitre link : CVE-2002-0840
CVE.ORG link : CVE-2002-0840
JSON object : View
Products Affected
oracle
- database_server
- oracle9i
- application_server
- oracle8i
apache
- http_server
CWE