Vulnerability in N/a
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as ot…
EPSS: 0.902 (99.6th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- DSA-188 (vendor-advisory, x_refsource_DEBIAN)
- marc.info/ (x_refsource_CONFIRM)
- ESA-20021007-024 (vendor-advisory, x_refsource_ENGARDE)
- HPSBUX0210-224 (x_refsource_HP, vendor-advisory)
- DSA-187 (vendor-advisory, x_refsource_DEBIAN)
- www.apacheweek.com/issues/02-10-04 (x_refsource_CONFIRM)
- DSA-195 (vendor-advisory, x_refsource_DEBIAN)
- 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) (mailing-list, x_refsource_BUGTRAQ)
- MDKSA-2002:068 (vendor-advisory, x_refsource_MANDRAKE)
- CLA-2002:530 (vendor-advisory, x_refsource_CONECTIVA)