Description
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Remediation
References
Related Vulnerabilities
WordPress 7PK - Security Features Vulnerability (CVE-2016-10148)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3722)
WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.7)
Oracle Database Server CVE-2014-4237 Vulnerability (CVE-2014-4237)