Description
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Remediation
References
Related Vulnerabilities
Atlassian Jira CVE-2021-26075 Vulnerability (CVE-2021-26075)
WordPress Plugin Let Them Unsubscribe Multiple Unspecified Vulnerabilities (1.0)
Twisted Web HTTP Server Direct Request ('Forced Browsing') Vulnerability (CVE-2016-1000111)
Drupal Core 7.x Information Disclosure (7.0 - 7.14)
WordPress Plugin Event Single Page Templates Addon For The Events Calendar Security Bypass (1.5)