What is the severity of CVE-2002-0840?

CVE-2002-0840 has a moderate severity rating due to the potential for cross-site scripting attacks.

How do I fix CVE-2002-0840?

To fix CVE-2002-0840, upgrade to Apache version 2.0.43 or later, or ensure UseCanonicalName is set to 'On'.

What types of attacks can exploit CVE-2002-0840?

CVE-2002-0840 can be exploited via cross-site scripting attacks that involve manipulating the Host: header.

Which versions of Apache are affected by CVE-2002-0840?

CVE-2002-0840 affects Apache version 1.3.x up to 1.3.26 and all versions of Apache 2.0 before 2.0.43.

Is CVE-2002-0840 related to wildcard DNS support?

Yes, CVE-2002-0840 requires support for wildcard DNS in order for the vulnerability to be exploited.

Vulnerability/
CVE-2002-0840

medium

6.8

CWE

NVD-CWE-Other 79

11/10/2002

1/9/2004

8/8/2024

CVE-2002-0840: XSS

First published: Fri Oct 11 2002(Updated: )

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apache Http Server	=1.3
Apache Http Server	=1.3.1
Apache Http Server	=1.3.3
Apache Http Server	=1.3.4
Apache Http Server	=1.3.6
Apache Http Server	=1.3.9
Apache Http Server	=1.3.11
Apache Http Server	=1.3.12
Apache Http Server	=1.3.14
Apache Http Server	=1.3.17
Apache Http Server	=1.3.18
Apache Http Server	=1.3.19
Apache Http Server	=1.3.20
Apache Http Server	=1.3.22
Apache Http Server	=1.3.23
Apache Http Server	=1.3.24
Apache Http Server	=1.3.25
Apache Http Server	=1.3.26
Apache Http Server	=2.0
Apache Http Server	=2.0.28
Apache Http Server	=2.0.32
Apache Http Server	=2.0.35
Apache Http Server	=2.0.36
Apache Http Server	=2.0.37
Apache Http Server	=2.0.38
Apache Http Server	=2.0.39
Apache Http Server	=2.0.40
Apache Http Server	=2.0.41
Apache Http Server	=2.0.42
Oracle Java System Application Server	=1.0.2
Oracle Java System Application Server	=1.0.2.1s
Oracle Java System Application Server	=1.0.2.2
Oracle Java System Application Server	=9.0.2
Oracle Java System Application Server	=9.0.2-r2
Oracle Java System Application Server	=9.0.2.1
Oracle Database	=8.1.7
Oracle Database	=9.2.1
Oracle Database	=9.2.2
Oracle Database	=8.1.7
Oracle Database	=8.1.7.1
Oracle Database	=8.1.7_.0.0_enterprise
Oracle Database	=8.1.7_.1.0_enterprise
Oracle Database	=9.0
Oracle Database	=9.0.1
Oracle Database	=9.0.1.2
Oracle Database	=9.0.1.3
Oracle Database	=9.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-0840?
CVE-2002-0840 has a moderate severity rating due to the potential for cross-site scripting attacks.
How do I fix CVE-2002-0840?
To fix CVE-2002-0840, upgrade to Apache version 2.0.43 or later, or ensure UseCanonicalName is set to 'On'.
What types of attacks can exploit CVE-2002-0840?
CVE-2002-0840 can be exploited via cross-site scripting attacks that involve manipulating the Host: header.
Which versions of Apache are affected by CVE-2002-0840?
CVE-2002-0840 affects Apache version 1.3.x up to 1.3.26 and all versions of Apache 2.0 before 2.0.43.
Is CVE-2002-0840 related to wildcard DNS support?
Yes, CVE-2002-0840 requires support for wildcard DNS in order for the vulnerability to be exploited.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/last-modified-date
agent/description
agent/event
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-index
vendor/apache
canonical/apache http server
version/apache http server/1.3
version/apache http server/1.3.1
version/apache http server/1.3.3
version/apache http server/1.3.4
version/apache http server/1.3.6
version/apache http server/1.3.9
version/apache http server/1.3.11
version/apache http server/1.3.12
version/apache http server/1.3.14
version/apache http server/1.3.17
version/apache http server/1.3.18
version/apache http server/1.3.19
version/apache http server/1.3.20
version/apache http server/1.3.22
version/apache http server/1.3.23
version/apache http server/1.3.24
version/apache http server/1.3.25
version/apache http server/1.3.26
version/apache http server/2.0
version/apache http server/2.0.28
version/apache http server/2.0.32
version/apache http server/2.0.35
version/apache http server/2.0.36
version/apache http server/2.0.37
version/apache http server/2.0.38
version/apache http server/2.0.39
version/apache http server/2.0.40
version/apache http server/2.0.41
version/apache http server/2.0.42
vendor/oracle
canonical/oracle java system application server
version/oracle java system application server/1.0.2
version/oracle java system application server/1.0.2.1s
version/oracle java system application server/1.0.2.2
version/oracle java system application server/9.0.2
version/oracle java system application server/9.0.2-r2
version/oracle java system application server/9.0.2.1
canonical/oracle database
version/oracle database/8.1.7
version/oracle database/9.2.1
version/oracle database/9.2.2
version/oracle database/8.1.7.1
version/oracle database/8.1.7_.0.0_enterprise
version/oracle database/8.1.7_.1.0_enterprise
version/oracle database/9.0
version/oracle database/9.0.1
version/oracle database/9.0.1.2
version/oracle database/9.0.1.3
version/oracle database/9.0.2