Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2002-0840
Last Modified: 10 Sep 2008 03:13:00
Published: 11 Oct 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2002-0840

Summary

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Vulnerable Systems

Application

  • Apache Http Server 1.3

  • Apache Http Server 1.3.1

  • Apache Http Server 1.3.11

  • Apache Http Server 1.3.12

  • Apache Http Server 1.3.14

  • Apache Http Server 1.3.17

  • Apache Http Server 1.3.18

  • Apache Http Server 1.3.19

  • Apache Http Server 1.3.20

  • Apache Http Server 1.3.22

  • Apache Http Server 1.3.23

  • Apache Http Server 1.3.24

  • Apache Http Server 1.3.25

  • Apache Http Server 1.3.26

  • Apache Http Server 1.3.3

  • Apache Http Server 1.3.4

  • Apache Http Server 1.3.6

  • Apache Http Server 1.3.9

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Oracle Application Server 1.0.2

  • Oracle Application Server 1.0.2.1s

  • Oracle Application Server 1.0.2.2

  • Oracle Application Server 9.0.2

  • Oracle Application Server 9.0.2.1

  • Oracle Database Server 8.1.7

  • Oracle Database Server 9.2.1

  • Oracle Database Server 9.2.2

  • Oracle8i 8.1.7

  • Oracle8i 8.1.7.0.0 Enterprise

  • Oracle8i 8.1.7.1.0 Enterprise

  • Oracle8i 8.1.7.1

  • Oracle9i 9.0

  • Oracle9i 9.0.1

  • Oracle9i 9.0.1.2

  • Oracle9i 9.0.1.3

  • Oracle9i 9.0.2


References

CERT-VN - VU#240329

BUGTRAQ - 20021002 Apache 2 Cross-Site Scripting

XF - apache-http-host-xss(10241)

CONFIRM - http://www.apacheweek.com/issues/02-10-04

BID - 5847

REDHAT - RHSA-2003:106

REDHAT - RHSA-2002:251

REDHAT - RHSA-2002:248

REDHAT - RHSA-2002:244

REDHAT - RHSA-2002:243

REDHAT - RHSA-2002:222

OSVDB - 862

ENGARDE - ESA-20021007-024

MANDRAKE - MDKSA-2002:068

DEBIAN - DSA-195

DEBIAN - DSA-188

DEBIAN - DSA-187

HP - HPSBUX0210-224

BUGTRAQ - 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)

CONFIRM - http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2

CONECTIVA - CLA-2002:530

BUGTRAQ - 20021017 TSLSA-2002-0069-apache

SGI - 20021105-02-I


Last Updated: 27 May 2016 10:37:06