6.8

CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version1.3
ApacheHTTP Server Version1.3.1
ApacheHTTP Server Version1.3.3
ApacheHTTP Server Version1.3.4
ApacheHTTP Server Version1.3.6
ApacheHTTP Server Version1.3.9
ApacheHTTP Server Version1.3.11
ApacheHTTP Server Version1.3.12
ApacheHTTP Server Version1.3.14
ApacheHTTP Server Version1.3.17
ApacheHTTP Server Version1.3.18
ApacheHTTP Server Version1.3.19
ApacheHTTP Server Version1.3.20
ApacheHTTP Server Version1.3.22
ApacheHTTP Server Version1.3.23
ApacheHTTP Server Version1.3.24
ApacheHTTP Server Version1.3.25
ApacheHTTP Server Version1.3.26
ApacheHTTP Server Version2.0
ApacheHTTP Server Version2.0.28
ApacheHTTP Server Version2.0.32
ApacheHTTP Server Version2.0.35
ApacheHTTP Server Version2.0.36
ApacheHTTP Server Version2.0.37
ApacheHTTP Server Version2.0.38
ApacheHTTP Server Version2.0.39
ApacheHTTP Server Version2.0.40
ApacheHTTP Server Version2.0.41
ApacheHTTP Server Version2.0.42
OracleApplication Server Version1.0.2
OracleApplication Server Version1.0.2.1s
OracleApplication Server Version1.0.2.2
OracleApplication Server Version9.0.2
OracleApplication Server Version9.0.2 Updater2
OracleApplication Server Version9.0.2.1
OracleDatabase Server Version8.1.7
OracleDatabase Server Version9.2.1
OracleDatabase Server Version9.2.2
OracleOracle8i Version8.1.7
OracleOracle8i Version8.1.7.1
OracleOracle8i Version8.1.7_.0.0_enterprise
OracleOracle8i Version8.1.7_.1.0_enterprise
OracleOracle9i Version9.0
OracleOracle9i Version9.0.1
OracleOracle9i Version9.0.1.2
OracleOracle9i Version9.0.1.3
OracleOracle9i Version9.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.01% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
http://www.redhat.com/support/errata/RHSA-2003-106.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://marc.info/?l=bugtraq&m=103376585508776&w=2
http://online.securityfocus.com/advisories/4617
http://www.apacheweek.com/issues/02-10-04
Vendor Advisory
http://www.debian.org/security/2002/dsa-187
http://www.debian.org/security/2002/dsa-188
http://www.debian.org/security/2002/dsa-195
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
http://marc.info/?l=bugtraq&m=103357160425708&w=2
http://www.kb.cert.org/vuls/id/240329
US Government Resource
http://www.osvdb.org/862
http://www.redhat.com/support/errata/RHSA-2002-222.html
http://www.redhat.com/support/errata/RHSA-2002-251.html
http://www.securityfocus.com/bid/5847
https://exchange.xforce.ibmcloud.com/vulnerabilities/10241