VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Oct 11, 2002· Updated Apr 16, 2026

CVE-2002-0840

CVE-2002-0840

Description

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Affected products

47
  • Apache/Http Server29 versions
    cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • Oracle Corporation/Application Server6 versions
    cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*
  • Oracle Corporation/Database Server3 versions
    cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*
  • Oracle Corporation/Oracle8i4 versions
    cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle8i:8.1.7_.0.0_enterprise:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle8i:8.1.7_.1.0_enterprise:*:*:*:*:*:*:*
  • Oracle Corporation/Oracle9i5 versions
    cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

37

News mentions

0

No linked articles in our index yet.