Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2002-0840 | First vendor Publication | 2002-10-11 |
Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-198 | Cross-Site Scripting in Error Pages |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-05-05 | Name : HP-UX Update for Apache HPSBUX00224 File : nvt/gb_hp_ux_HPSBUX00224.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 187-1 (apache) File : nvt/deb_187_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 188-1 (apache-ssl) File : nvt/deb_188_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 195-1 (apache-perl) File : nvt/deb_195_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
862 | Apache HTTP Server SSI Error Page XSS Apache contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate server signature data by Server Side Include (SSI) error pages. This could allow a remote attacker to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2018-02-03 | Apache SSI error page cross-site scripting attempt RuleID : 45307 - Revision : 2 - Type : SERVER-APACHE |
2014-01-10 | Apache SSI error page cross-site scripting attempt RuleID : 11687 - Revision : 21 - Type : SERVER-APACHE |
2014-01-10 | encoded cross site scripting HTML Image tag attempt RuleID : 10990 - Revision : 8 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-24 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO |
2010-04-30 | Name : The remote web server is prone to cross-site scripting attacks. File : torture_cgi_XSS_headers.nasl - Type : ACT_MIXED_ATTACK |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_28098.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_28099.nasl - Type : ACT_GATHER_INFO |
2005-03-18 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_28111.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_28090.nasl - Type : ACT_GATHER_INFO |
2005-02-16 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_28705.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-187.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-188.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-195.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-068.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-251.nasl - Type : ACT_GATHER_INFO |
2002-10-04 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_1_3_27.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:23:46 |
|
2024-11-28 12:05:07 |
|
2023-11-07 21:48:11 |
|
2021-06-06 17:23:05 |
|
2021-06-03 13:23:14 |
|
2021-05-04 12:01:50 |
|
2021-04-22 01:01:58 |
|
2021-03-30 17:22:45 |
|
2020-05-23 00:15:02 |
|
2019-08-16 12:01:07 |
|
2017-10-10 09:23:24 |
|
2016-10-18 12:01:02 |
|
2016-06-28 14:59:31 |
|
2016-04-26 12:13:02 |
|
2014-02-17 10:24:54 |
|
2014-01-19 21:21:44 |
|
2013-05-11 12:10:47 |
|