VYPR
Unrated severityNVD Advisory· Published Oct 11, 2002· Updated Jun 16, 2026

CVE-2002-0840

CVE-2002-0840

Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

48
  • Apache/HTTP Server30 versions
    cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
    • (no CPE)range: >=2.0 <2.0.43, >=1.3 <=1.3.26
  • cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle8i:8.1.7_.0.0_enterprise:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle8i:8.1.7_.1.0_enterprise:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

37

News mentions

0

No linked articles in our index yet.