Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Remediation

References

CVE-2002-0840

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Arbitrary File Upload (2.0.21)

Oracle Database Server CVE-2011-3512 Vulnerability (CVE-2011-3512)

Drupal Other Vulnerability (CVE-2016-3164)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29211)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2922)

Severity

Medium

Classification

CVE-2002-0840

Tags

Missing Update Known Vulnerabilities