Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Remediation

References

CVE-2002-0840

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5583)

Liferay Portal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5327)

WordPress Plugin ThemeHigh WooCommerce Wishlist and Comparison Cross-Site Request Forgery (1.0.4)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder PHP Object Injection (4.02)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45357)

Severity

Medium

Classification

CVE-2002-0840

Tags

Missing Update Known Vulnerabilities