VDB
CVE-2002-0840
CVE-2002-0840
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
EPSS 90.18% · 99.6th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
90.18%
99.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| oracle | oracle8i | *, *, 8.1.7 |
| oracle | database_server | 9.2.1, 8.1.7, 9.2.2 |
| oracle | application_server | 9.0.2.1, 9.0.2, 1.0.2.1s |
| apache | http_server | 2.0.41, 2.0.39, 2.0.40 |
| oracle | oracle9i | 9.0.2, 9.0.1, 9.0 |
Exploit Intelligence
- SERVER-APACHE Apache SSI error page cross-site scripting attempt [disabled] (vulnetix)
- SERVER-APACHE Apache SSI error page cross-site scripting attempt [disabled] (community-snort)
- SERVER-APACHE Apache SSI error page cross-site scripting attempt [disabled] (community-snort)
- VU#240329 (circl)
- RHSA-2002:248 (circl)
- http://www.apacheweek.com/issues/02-10-04 (circl)
- DSA-195 (circl)
- 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) (circl)
- RHSA-2002:244 (circl)
- CLA-2002:530 (circl)
…and 30 more exploits
Timeline
- CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- DSA-188 vendor-advisory
- http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 url
- ESA-20021007-024 vendor-advisory
- HPSBUX0210-224 vendor-advisory
- DSA-187 vendor-advisory
- http://www.apacheweek.com/issues/02-10-04 url
- DSA-195 vendor-advisory
- 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) mailing-list
- MDKSA-2002:068 vendor-advisory
- CLA-2002:530 vendor-advisory
- 20021017 TSLSA-2002-0069-apache mailing-list
- 20021002 Apache 2 Cross-Site Scripting mailing-list
- RHSA-2002:243 vendor-advisory
- 862 vdb
- RHSA-2002:222 vendor-advisory
- RHSA-2003:106 vendor-advisory
- RHSA-2002:251 vendor-advisory
- apache-http-host-xss(10241) vdb
- 20021105-02-I vendor-advisory
- 20021002 Apache 2 Cross-Site Scripting mailing-list
…and 31 more