CVE-2002-0840 in Apache and Oracle Products
Published on October 11, 2002

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2002-0840

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2002-0840 are published in these products:

Apache HTTP Server

Oracle Application Server

Oracle Database Server

Oracle8i

Oracle9i

Exploit Probability

EPSS

91.10%

Percentile

99.63%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2002-0840 in Apache and Oracle ProductsPublished on October 11, 2002

Products Associated with CVE-2002-0840

Exploit Probability

CVE-2002-0840 in Apache and Oracle Products
Published on October 11, 2002