Vulnetix
Try Vulnetix Request Demo
CVE-2002-0840 PUBLISHED CVSS 6.800000190734863 MEDIUM

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

EPSS 91.10% · 99.6th percentile

Risk Scores

CVSS v2.0
6.800000190734863
EPSS Score
91.10%
99.6th percentile

Affected Products

VendorProductVersions
n/an/an/a
oracleoracle8i8.1.7_.1.0_enterprise, 8.1.7, 8.1.7.1
oracledatabase_server9.2.1, 9.2.2, 8.1.7
oracleapplication_server1.0.2.1s, 1.0.2.2, 9.0.2
apachehttp_server1.3.22, 1.3.23, 1.3.24
oracleoracle9i9.0, 9.0.1, 9.0.1.2

Timeline

References

…and 31 more

Open in Interactive Console →