Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Remediation

References

CVE-2002-0840

Related Vulnerabilities

WordPress Plugin Simple Mail Address Encoder Cross-Site Scripting (1.6.1)

ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0249)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2020-35452)

WordPress Plugin FoxyPress 'uploadify.php' Arbitrary File Upload (0.4.2.1)

WordPress Plugin Currency Switcher for WooCommerce Security Bypass (2.11.1)

Severity

Medium

Classification

CVE-2002-0840

Tags

Missing Update Known Vulnerabilities