Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Remediation

References

CVE-2002-0840

Related Vulnerabilities

WordPress Plugin BackWPup Multiple Local File Include Vulnerabilities (1.5.2)

MySQL CVE-2016-0649 Vulnerability (CVE-2016-0649)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4563)

Nexus Repository Manager Incorrect Default Permissions Vulnerability (CVE-2019-9630)

WordPress Plugin Survey Maker-Best WordPress Survey SQL Injection (3.1.1)

Severity

Medium

Classification

CVE-2002-0840

Tags

Missing Update Known Vulnerabilities