CVE-2002-0840 in HTTP Serverinfo

Summary

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

Disclosure

10/11/2002

Moderation

VulDB entry created

Entries

VDB-19051

CPE

ready

CWE

CWE-80 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.91102

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-0840
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0840
CVE Details	https://www.cvedetails.com/cve/CVE-2002-0840/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!