CVE-2002-1157 in mod_sslinfo

Summary

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Disclosure

11/04/2002

Moderation

VulDB entry created

Entries

VDB-19120 (1)

CPE

ready

CWE

CWE-80 (Confirmed)

CVSS

6.3

EPSS

0.03447

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-1157
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1157
CVE Details	https://www.cvedetails.com/cve/CVE-2002-1157/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!