First published: Fri Oct 11 2002
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP server | =2.0.42 | |
Oracle Application Server | =9.0.2.1 | |
Apache HTTP server | =1.3.23 | |
Oracle Oracle9i | =9.0.1 | |
Oracle Oracle9i | =9.0.2 | |
Oracle Oracle8i | =8.1.7_.0.0_enterprise | |
Oracle Database Server | =8.1.7 | |
Apache HTTP server | =2.0.35 | |
Apache HTTP server | =2.0.37 | |
Apache HTTP server | =1.3.1 | |
Apache HTTP server | =1.3.25 | |
Oracle Oracle9i | =9.0 | |
Apache HTTP server | =1.3.19 | |
Oracle Database Server | =9.2.1 | |
Apache HTTP server | =2.0.39 | |
Apache HTTP server | =1.3.24 | |
Oracle Application Server | =9.0.2-r2 | |
Apache HTTP server | =1.3.20 | |
Apache HTTP server | =1.3.6 | |
Apache HTTP server | =2.0.41 | |
Oracle Oracle8i | =8.1.7.1 | |
Oracle Oracle8i | =8.1.7 | |
Apache HTTP server | =1.3.4 | |
Oracle Oracle8i | =8.1.7_.1.0_enterprise | |
Apache HTTP server | =1.3.18 | |
Apache HTTP server | =2.0.32 | |
Oracle Oracle9i | =9.0.1.3 | |
Oracle Application Server | =1.0.2.1s | |
Apache HTTP server | =2.0.38 | |
Apache HTTP server | =1.3 | |
Apache HTTP server | =1.3.12 | |
Oracle Application Server | =9.0.2 | |
Apache HTTP server | =1.3.3 | |
Apache HTTP server | =1.3.17 | |
Oracle Oracle9i | =9.0.1.2 | |
Apache HTTP server | =1.3.26 | |
Apache HTTP server | =1.3.9 | |
Apache HTTP server | =2.0.40 | |
Apache HTTP server | =2.0.36 | |
Apache HTTP server | =1.3.14 | |
Apache HTTP server | =1.3.22 | |
Apache HTTP server | =1.3.11 | |
Oracle Application Server | =1.0.2.2 | |
Apache HTTP server | =2.0.28 | |
Oracle Database Server | =9.2.2 | |
Apache HTTP server | =2.0 | |
Oracle Application Server | =1.0.2 | |