Apache 2.0 and 1.3.x Cross-Site Scripting (XSS) Vulnerability

Apache 2.0 and 1.3.x Cross-Site Scripting (XSS) Vulnerability

CVE-2002-0840 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Learn more about our Cis Benchmark Audit For Apache Http Server.