CVE-2002-0840
CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/21885não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://patches.sgi.com/support/free/security/advisories/20021105-02-Ihttp://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlhttp://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.htmlhttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2http://marc.info/?l=bugtraq&m=103357160425708&w=2http://marc.info/?l=bugtraq&m=103376585508776&w=2http://online.securityfocus.com/advisories/4617https://exchange.xforce.ibmcloud.com/vulnerabilities/10241https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E