CVE-2002-0840
EPSS 90.2%發布日:2002/10/11修改日:2026/4/28
描述
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
受影響套件(1)
- Debian/apache2from 0, < 2.0.43-1