Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 prior to 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote malicious users to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Vulnerable Product |
---|
apache http server 1.3 |
apache http server 1.3.1 |
apache http server 1.3.3 |
apache http server 1.3.4 |
apache http server 1.3.6 |
apache http server 1.3.9 |
apache http server 1.3.11 |
apache http server 1.3.12 |
apache http server 1.3.14 |
apache http server 1.3.17 |
apache http server 1.3.18 |
apache http server 1.3.19 |
apache http server 1.3.20 |
apache http server 1.3.22 |
apache http server 1.3.23 |
apache http server 1.3.24 |
apache http server 1.3.25 |
apache http server 1.3.26 |
apache http server 2.0 |
apache http server 2.0.28 |
apache http server 2.0.32 |
apache http server 2.0.35 |
apache http server 2.0.36 |
apache http server 2.0.37 |
apache http server 2.0.38 |
apache http server 2.0.39 |
apache http server 2.0.40 |
apache http server 2.0.41 |
apache http server 2.0.42 |
oracle application server 1.0.2 |
oracle application server 1.0.2.1s |
oracle application server 1.0.2.2 |
oracle application server 9.0.2 |
oracle application server 9.0.2.1 |
oracle database server 8.1.7 |
oracle database server 9.2.1 |
oracle database server 9.2.2 |
oracle oracle8i 8.1.7 |
oracle oracle8i 8.1.7.1 |
oracle oracle8i 8.1.7 .0.0 enterprise |
oracle oracle8i 8.1.7 .1.0 enterprise |
oracle oracle9i 9.0 |
oracle oracle9i 9.0.1 |
oracle oracle9i 9.0.1.2 |
oracle oracle9i 9.0.1.3 |
oracle oracle9i 9.0.2 |