CVE-2002-0840
EPSS 90.2%
Description
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
How to fix CVE-2002-0840
To remediate CVE-2002-0840, upgrade the affected package to a fixed version listed below.
- Debian/apache2: upgrade to 2.0.43-1 or later
Is CVE-2002-0840 being exploited?
Likely — EPSS is 90.2%, placing CVE-2002-0840 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Debian/apache2: from 0, < 2.0.43-1