CVE-2002-0840

medium Apache
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
91.1%
Exploitation probability in 30 days
Top 0% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: October 11, 2002 (8616 days ago)
Last Modified: April 16, 2026
Vendor: Apache
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

CWE

NVD-CWE-Other

Affected Products

apache http serveroracle application serveroracle database serveroracle oracle8ioracle oracle9i

References

🔗 patches.sgi.com 🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 distro.conectiva.com.br 🔗 marc.info