CVE-2002-0840

Source
https://nvd.nist.gov/vuln/detail/CVE-2002-0840
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2002-0840.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2002-0840
Downstream
Published
2002-10-11T04:00:00Z
Modified
2025-08-09T19:01:28Z
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

References

Affected packages