CVE-2002-0840

Apache HTTP Server < 2.0.43 and 1.3.x <= 1.3.26 - Cross-Site Scripting via Host Header


Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0840. PoCs published by mattmurphy.

AI-analyzed exploit summary

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Apache's SSI error pages by injecting malicious HTML/script code via a crafted URL. The attack executes arbitrary JavaScript in the context of the victim's browser when visiting the malicious link.

Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Exploits (1)

exploitdb · Working PoC · Verified
by mattmurphy · text · remote · multiple
https://www.exploit-db.com/exploits/21885

Classification
Working PoC 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: Apache HTTP Server (versions affected by CVE-2002-0840)
No auth needed
Prerequisites: Victim must visit the crafted URL · Apache server with vulnerable SSI error page handling
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (37)

Core References
Various Sources vendor-advisory x_refsource_engarde
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://online.securityfocus.com/advisories/4617
Vendor Advisory x_refsource_confirm
http://www.apacheweek.com/issues/02-10-04
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-243.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/862
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-222.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-106.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-251.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10241
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/240329
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-248.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-244.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-188
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-187
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-195
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103376585508776&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103357160425708&w=2
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5847

Scores

EPSS 0.9401
EPSS Percentile 99.8%

Details

Status published
Products (46)
apache/http_server 1.3
apache/http_server 1.3.1
apache/http_server 1.3.3
apache/http_server 1.3.4
apache/http_server 1.3.6
apache/http_server 1.3.9
apache/http_server 1.3.11
apache/http_server 1.3.12
apache/http_server 1.3.14
apache/http_server 1.3.17
... and 36 more
Published Oct 11, 2002
Tracked Since Feb 18, 2026