CVE-2002-0840
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/21885no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-Ihttp://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlhttp://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2http://marc.info/?l=bugtraq&m=103357160425708&w=2http://marc.info/?l=bugtraq&m=103376585508776&w=2http://online.securityfocus.com/advisories/4617https://exchange.xforce.ibmcloud.com/vulnerabilities/10241https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E