Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2002-1157
Last Modified: 05 Sep 2008 04:29:56
Published: 04 Nov 2002 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-1157

Summary

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Vulnerable Systems

Application

  • mod_ssl 2.8.9


References

DEBIAN - DSA-181

XF - apache-modssl-host-xss(10457)

BID - 6029

REDHAT - RHSA-2003:106

REDHAT - RHSA-2002:251

REDHAT - RHSA-2002:248

REDHAT - RHSA-2002:244

REDHAT - RHSA-2002:243

REDHAT - RHSA-2002:222

OSVDB - 2107

ENGARDE - ESA-20021029-027

MANDRAKE - MDKSA-2002:072

BUGTRAQ - 20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)

CONECTIVA - CLA-2002:541

BUGTRAQ - 20021026 GLSA: mod_ssl


Last Updated: 27 May 2016 10:37:12