CVE-2002-0840: XSS

First published: Fri Oct 11 2002(Updated: )

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Apache HTTP server	=2.0.42
Oracle Application Server	=9.0.2.1
Apache HTTP server	=1.3.23
Oracle Oracle9i	=9.0.1
Oracle Oracle9i	=9.0.2
Oracle Oracle8i	=8.1.7_.0.0_enterprise
Oracle Database Server	=8.1.7
Apache HTTP server	=2.0.35
Apache HTTP server	=2.0.37
Apache HTTP server	=1.3.1
Apache HTTP server	=1.3.25
Oracle Oracle9i	=9.0
Apache HTTP server	=1.3.19
Oracle Database Server	=9.2.1
Apache HTTP server	=2.0.39
Apache HTTP server	=1.3.24
Oracle Application Server	=9.0.2-r2
Apache HTTP server	=1.3.20
Apache HTTP server	=1.3.6
Apache HTTP server	=2.0.41
Oracle Oracle8i	=8.1.7.1
Oracle Oracle8i	=8.1.7
Apache HTTP server	=1.3.4
Oracle Oracle8i	=8.1.7_.1.0_enterprise
Apache HTTP server	=1.3.18
Apache HTTP server	=2.0.32
Oracle Oracle9i	=9.0.1.3
Oracle Application Server	=1.0.2.1s
Apache HTTP server	=2.0.38
Apache HTTP server	=1.3
Apache HTTP server	=1.3.12
Oracle Application Server	=9.0.2
Apache HTTP server	=1.3.3
Apache HTTP server	=1.3.17
Oracle Oracle9i	=9.0.1.2
Apache HTTP server	=1.3.26
Apache HTTP server	=1.3.9
Apache HTTP server	=2.0.40
Apache HTTP server	=2.0.36
Apache HTTP server	=1.3.14
Apache HTTP server	=1.3.22
Apache HTTP server	=1.3.11
Oracle Application Server	=1.0.2.2
Apache HTTP server	=2.0.28
Oracle Database Server	=9.2.2
Apache HTTP server	=2.0
Oracle Application Server	=1.0.2

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
collector/nvd-api
agent/severity
agent/references
agent/weakness
agent/author
agent/type
agent/event
agent/description
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache http server
version/apache http server/2.0.42
vendor/oracle
canonical/oracle application server
version/oracle application server/9.0.2.1
version/apache http server/1.3.23
canonical/oracle oracle9i
version/oracle oracle9i/9.0.1
version/oracle oracle9i/9.0.2
canonical/oracle oracle8i
version/oracle oracle8i/8.1.7_.0.0_enterprise
canonical/oracle database server
version/oracle database server/8.1.7
version/apache http server/2.0.35
version/apache http server/2.0.37
version/apache http server/1.3.1
version/apache http server/1.3.25
version/oracle oracle9i/9.0
version/apache http server/1.3.19
version/oracle database server/9.2.1
version/apache http server/2.0.39
version/apache http server/1.3.24
version/oracle application server/9.0.2-r2
version/apache http server/1.3.20
version/apache http server/1.3.6
version/apache http server/2.0.41
version/oracle oracle8i/8.1.7.1
version/oracle oracle8i/8.1.7
version/apache http server/1.3.4
version/oracle oracle8i/8.1.7_.1.0_enterprise
version/apache http server/1.3.18
version/apache http server/2.0.32
version/oracle oracle9i/9.0.1.3
version/oracle application server/1.0.2.1s
version/apache http server/2.0.38
version/apache http server/1.3
version/apache http server/1.3.12
version/oracle application server/9.0.2
version/apache http server/1.3.3
version/apache http server/1.3.17
version/oracle oracle9i/9.0.1.2
version/apache http server/1.3.26
version/apache http server/1.3.9
version/apache http server/2.0.40
version/apache http server/2.0.36
version/apache http server/1.3.14
version/apache http server/1.3.22
version/apache http server/1.3.11
version/oracle application server/1.0.2.2
version/apache http server/2.0.28
version/oracle database server/9.2.2
version/apache http server/2.0
version/oracle application server/1.0.2

CVE-2002-0840: XSS

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact