CVE-2002-0840

Apache HTTP Server - XSS


Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by mattmurphy · text · remote · multiple
https://www.exploit-db.com/exploits/21885

References (37)


Scores

EPSS 0.9110
EPSS Percentile 99.7%

Details

Status published
Products (46)
apache/http_server 1.3
apache/http_server 1.3.1
apache/http_server 1.3.3
apache/http_server 1.3.4
apache/http_server 1.3.6
apache/http_server 1.3.9
apache/http_server 1.3.11
apache/http_server 1.3.12
apache/http_server 1.3.14
apache/http_server 1.3.17
... and 36 more
Published Oct 11, 2002
Tracked Since Feb 18, 2026