Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
2002-10-11T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | http_server | 1.3 | Yes |
| Application | apache | http_server | 1.3.1 | Yes |
| Application | apache | http_server | 1.3.3 | Yes |
| Application | apache | http_server | 1.3.4 | Yes |
| Application | apache | http_server | 1.3.6 | Yes |
| Application | apache | http_server | 1.3.9 | Yes |
| Application | apache | http_server | 1.3.11 | Yes |
| Application | apache | http_server | 1.3.12 | Yes |
| Application | apache | http_server | 1.3.14 | Yes |
| Application | apache | http_server | 1.3.17 | Yes |
| Application | apache | http_server | 1.3.18 | Yes |
| Application | apache | http_server | 1.3.19 | Yes |
| Application | apache | http_server | 1.3.20 | Yes |
| Application | apache | http_server | 1.3.22 | Yes |
| Application | apache | http_server | 1.3.23 | Yes |
| Application | apache | http_server | 1.3.24 | Yes |
| Application | apache | http_server | 1.3.25 | Yes |
| Application | apache | http_server | 1.3.26 | Yes |
| Application | apache | http_server | 2.0 | Yes |
| Application | apache | http_server | 2.0.28 | Yes |
| Application | apache | http_server | 2.0.32 | Yes |
| Application | apache | http_server | 2.0.35 | Yes |
| Application | apache | http_server | 2.0.36 | Yes |
| Application | apache | http_server | 2.0.37 | Yes |
| Application | apache | http_server | 2.0.38 | Yes |
| Application | apache | http_server | 2.0.39 | Yes |
| Application | apache | http_server | 2.0.40 | Yes |
| Application | apache | http_server | 2.0.41 | Yes |
| Application | apache | http_server | 2.0.42 | Yes |
| Application | oracle | application_server | 1.0.2 | Yes |
| Application | oracle | application_server | 1.0.2.1s | Yes |
| Application | oracle | application_server | 1.0.2.2 | Yes |
| Application | oracle | application_server | 9.0.2 | Yes |
| Application | oracle | application_server | 9.0.2 | Yes |
| Application | oracle | application_server | 9.0.2.1 | Yes |
| Application | oracle | database_server | 8.1.7 | Yes |
| Application | oracle | database_server | 9.2.1 | Yes |
| Application | oracle | database_server | 9.2.2 | Yes |
| Application | oracle | oracle8i | 8.1.7 | Yes |
| Application | oracle | oracle8i | 8.1.7.1 | Yes |
| Application | oracle | oracle8i | 8.1.7_.0.0_enterprise | Yes |
| Application | oracle | oracle8i | 8.1.7_.1.0_enterprise | Yes |
| Application | oracle | oracle9i | 9.0 | Yes |
| Application | oracle | oracle9i | 9.0.1 | Yes |
| Application | oracle | oracle9i | 9.0.1.2 | Yes |
| Application | oracle | oracle9i | 9.0.1.3 | Yes |
| Application | oracle | oracle9i | 9.0.2 | Yes |