VDB
CVE-2002-1157
CVE-2002-1157
PUBLISHED
Reported by mitre · Published September 1, 2004
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Timeline
- Nov 4, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 9, 2023 EPSS Score
References
- 20021026 GLSA: mod_ssl mailing-listx_refsource_BUGTRAQ
- RHSA-2002:243 vendor-advisoryx_refsource_REDHAT
- 6029 vdb-entryx_refsource_BID
- RHSA-2002:222 vendor-advisoryx_refsource_REDHAT
- RHSA-2003:106 vendor-advisoryx_refsource_REDHAT
- RHSA-2002:251 vendor-advisoryx_refsource_REDHAT
- DSA-181 vendor-advisoryx_refsource_DEBIAN
- 2107 vdb-entryx_refsource_OSVDB
- ESA-20021029-027 vendor-advisoryx_refsource_ENGARDE
- apache-modssl-host-xss(10457) vdb-entryx_refsource_XF
- MDKSA-2002:072 vendor-advisoryx_refsource_MANDRAKE
- 20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache) mailing-listx_refsource_BUGTRAQ
- CLA-2002:541 vendor-advisoryx_refsource_CONECTIVA
- RHSA-2002:248 vendor-advisoryx_refsource_REDHAT
- RHSA-2002:244 vendor-advisoryx_refsource_REDHAT