Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Remediation

References

CVE-2002-0840

Related Vulnerabilities

WordPress Plugin S3 Video Cross-Site Scripting (0.97)

MySQL CVE-2022-21451 Vulnerability (CVE-2022-21451)

WordPress Plugin Wordpress Membership SwiftCloud.io SQL Injection (1.0)

WordPress Plugin WordPress Poll Multiple Unspecified Vulnerabilities (35.0)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6483)

Severity

Medium

Classification

CVE-2002-0840

Tags

Missing Update Known Vulnerabilities