Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Remediation

References

CVE-2002-0840

Related Vulnerabilities

PHP Other Vulnerability (CVE-2014-8142)

Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)

WordPress Plugin Events Manager Cross-Site Request Forgery (5.9.8.1)

Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-42124)

WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)

Severity

Medium

Classification

CVE-2002-0840

Tags

Missing Update Known Vulnerabilities