What is the severity of CVE-2002-0840?

CVE-2002-0840 has a moderate severity rating due to the potential for cross-site scripting attacks.

How do I fix CVE-2002-0840?

To fix CVE-2002-0840, upgrade to Apache version 2.0.43 or later, or ensure UseCanonicalName is set to 'On'.

What types of attacks can exploit CVE-2002-0840?

CVE-2002-0840 can be exploited via cross-site scripting attacks that involve manipulating the Host: header.

Which versions of Apache are affected by CVE-2002-0840?

CVE-2002-0840 affects Apache version 1.3.x up to 1.3.26 and all versions of Apache 2.0 before 2.0.43.

Is CVE-2002-0840 related to wildcard DNS support?

Yes, CVE-2002-0840 requires support for wildcard DNS in order for the vulnerability to be exploited.

Vulnerability/
CVE-2002-0840

medium

6.8

CWE

NVD-CWE-Other 79

11/10/2002

1/9/2004

8/8/2024

CVE-2002-0840: XSS

First published: Fri Oct 11 2002(Updated: )

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apache Http Server	=1.3
Apache Http Server	=1.3.1
Apache Http Server	=1.3.3
Apache Http Server	=1.3.4
Apache Http Server	=1.3.6
Apache Http Server	=1.3.9
Apache Http Server	=1.3.11
Apache Http Server	=1.3.12
Apache Http Server	=1.3.14
Apache Http Server	=1.3.17
Apache Http Server	=1.3.18
Apache Http Server	=1.3.19
Apache Http Server	=1.3.20
Apache Http Server	=1.3.22
Apache Http Server	=1.3.23
Apache Http Server	=1.3.24
Apache Http Server	=1.3.25
Apache Http Server	=1.3.26
Apache Http Server	=2.0
Apache Http Server	=2.0.28
Apache Http Server	=2.0.32
Apache Http Server	=2.0.35
Apache Http Server	=2.0.36
Apache Http Server	=2.0.37
Apache Http Server	=2.0.38
Apache Http Server	=2.0.39
Apache Http Server	=2.0.40
Apache Http Server	=2.0.41
Apache Http Server	=2.0.42
Oracle Application Server	=1.0.2
Oracle Application Server	=1.0.2.1s
Oracle Application Server	=1.0.2.2
Oracle Application Server	=9.0.2
Oracle Application Server	=9.0.2-r2
Oracle Application Server	=9.0.2.1
Oracle Database	=8.1.7
Oracle Database	=9.2.1
Oracle Database	=9.2.2
Oracle 8i	=8.1.7
Oracle 8i	=8.1.7.1
Oracle 8i	=8.1.7_.0.0_enterprise
Oracle 8i	=8.1.7_.1.0_enterprise
Oracle Oracle9i	=9.0
Oracle Oracle9i	=9.0.1
Oracle Oracle9i	=9.0.1.2
Oracle Oracle9i	=9.0.1.3
Oracle Oracle9i	=9.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-0840?
CVE-2002-0840 has a moderate severity rating due to the potential for cross-site scripting attacks.
How do I fix CVE-2002-0840?
To fix CVE-2002-0840, upgrade to Apache version 2.0.43 or later, or ensure UseCanonicalName is set to 'On'.
What types of attacks can exploit CVE-2002-0840?
CVE-2002-0840 can be exploited via cross-site scripting attacks that involve manipulating the Host: header.
Which versions of Apache are affected by CVE-2002-0840?
CVE-2002-0840 affects Apache version 1.3.x up to 1.3.26 and all versions of Apache 2.0 before 2.0.43.
Is CVE-2002-0840 related to wildcard DNS support?
Yes, CVE-2002-0840 requires support for wildcard DNS in order for the vulnerability to be exploited.

agent/author
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/last-modified-date
agent/description
agent/event
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-index
vendor/apache
canonical/apache http server
version/apache http server/1.3
version/apache http server/1.3.1
version/apache http server/1.3.3
version/apache http server/1.3.4
version/apache http server/1.3.6
version/apache http server/1.3.9
version/apache http server/1.3.11
version/apache http server/1.3.12
version/apache http server/1.3.14
version/apache http server/1.3.17
version/apache http server/1.3.18
version/apache http server/1.3.19
version/apache http server/1.3.20
version/apache http server/1.3.22
version/apache http server/1.3.23
version/apache http server/1.3.24
version/apache http server/1.3.25
version/apache http server/1.3.26
version/apache http server/2.0
version/apache http server/2.0.28
version/apache http server/2.0.32
version/apache http server/2.0.35
version/apache http server/2.0.36
version/apache http server/2.0.37
version/apache http server/2.0.38
version/apache http server/2.0.39
version/apache http server/2.0.40
version/apache http server/2.0.41
version/apache http server/2.0.42
vendor/oracle
canonical/oracle application server
version/oracle application server/1.0.2
version/oracle application server/1.0.2.1s
version/oracle application server/1.0.2.2
version/oracle application server/9.0.2
version/oracle application server/9.0.2-r2
version/oracle application server/9.0.2.1
canonical/oracle database
version/oracle database/8.1.7
version/oracle database/9.2.1
version/oracle database/9.2.2
canonical/oracle 8i
version/oracle 8i/8.1.7
version/oracle 8i/8.1.7.1
version/oracle 8i/8.1.7_.0.0_enterprise
version/oracle 8i/8.1.7_.1.0_enterprise
canonical/oracle oracle9i
version/oracle oracle9i/9.0
version/oracle oracle9i/9.0.1
version/oracle oracle9i/9.0.1.2
version/oracle oracle9i/9.0.1.3
version/oracle oracle9i/9.0.2

CVE-2002-0840: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-0840?

How do I fix CVE-2002-0840?

What types of attacks can exploit CVE-2002-0840?

Which versions of Apache are affected by CVE-2002-0840?

Is CVE-2002-0840 related to wildcard DNS support?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2002-0840?

How do I fix CVE-2002-0840?

What types of attacks can exploit CVE-2002-0840?

Which versions of Apache are affected by CVE-2002-0840?

Is CVE-2002-0840 related to wildcard DNS support?