Vulnetix
Try Vulnetix Request Demo
DEBIAN-CVE-2002-0840 PUBLISHED CVSS 9.300000190734863 CRITICAL

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Risk Scores

CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Debian:14apache20, 0
Debian:11apache20, 0
Debian:12apache20, 0
Debian:13apache20, 0

Timeline

References

Open in Interactive Console →