Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0840: Cross-site Scripting in Apache Http Server

11 documents, 8 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 91.1% (top 0.35%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 11; latest update May 3

Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (5 packages)

NVD: apache/http_server, 29 versions (+28)
NVD: oracle/oracle8i, 4 versions (+3)
NVD: oracle/oracle9i, 5 versions (+4)
NVD: oracle/database_server, 8.1.7, 9.2.1, 9.2.2 (+2)
NVD: oracle/application_server, 5 versions (+4)

🔴 Vulnerability Details (3)

GHSA: GHSA-rg25-cp4q-r4c8: Cross-site scripting (XSS) vulnerability in the default error page of Apache 2 (2022-05-03)
CVEList: CVE-2002-0840: Cross-site scripting (XSS) vulnerability in the default error page of Apache 2 (2004-09-01)
OSV: CVE-2002-0840: Cross-site scripting (XSS) vulnerability in the default error page of Apache 2 (2002-10-11)

💥 Exploits & PoCs (1)

Exploit-DB: Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting (2002-10-02)

📋 Vendor Advisories (3)

Red Hat: security flaw (2002-10-22)
Red Hat: security flaw (2002-10-02)
Debian: CVE-2002-0840: apache2 - Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0... (2002)

💬 Community (3)

Bugzilla: CVE-2002-0840 security flaw (2018-08-16)
Bugzilla: CVE-2002-1157 security flaw (2018-08-16)
Bugzilla: XSS vulnerabilities (2002-10-02)