CVE-2002-1157
First published: Mon Nov 04 2002(Updated: )
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CentOS Mod SSL | <=2.8.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2002/dsa-181
- http://www.iss.net/security_center/static/10457.php
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
- http://www.linuxsecurity.com/advisories/other_advisory-2512.html
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
- http://www.redhat.com/support/errata/RHSA-2002-222.html
- http://www.redhat.com/support/errata/RHSA-2002-243.html
- http://www.redhat.com/support/errata/RHSA-2002-244.html
- http://www.redhat.com/support/errata/RHSA-2002-248.html
- http://www.redhat.com/support/errata/RHSA-2002-251.html
- http://www.redhat.com/support/errata/RHSA-2003-106.html
- http://online.securityfocus.com/archive/1/296753
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
- http://www.securityfocus.com/bid/6029
- http://www.osvdb.org/2107
Frequently Asked Questions
What is the severity of CVE-2002-1157?
CVE-2002-1157 has a critical severity rating due to its potential for Cross-site scripting attacks.
How do I fix CVE-2002-1157?
To fix CVE-2002-1157, you should upgrade mod_ssl to version 2.8.9 or later.
What systems are affected by CVE-2002-1157?
CVE-2002-1157 affects mod_ssl versions up to and including 2.8.9.
What kind of attack does CVE-2002-1157 enable?
CVE-2002-1157 enables remote attackers to execute scripts in the context of other web site visitors through Cross-site scripting.
How does CVE-2002-1157 exploit wildcard DNS?
CVE-2002-1157 exploits wildcard DNS when UseCanonicalName is off, allowing crafted server names to be reflected in HTTPS responses.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mod ssl
- product/mod ssl
- canonical/mod ssl mod ssl
- canonical/centos mod ssl
- version/centos mod ssl/2.8.9