Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 prior to 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote malicious users to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache http server 2.0.42 |
||
oracle application server 9.0.2.1 |
||
apache http server 1.3.23 |
||
oracle oracle9i 9.0.1 |
||
oracle oracle9i 9.0.2 |
||
oracle oracle8i 8.1.7_.0.0_enterprise |
||
oracle database server 8.1.7 |
||
apache http server 2.0.35 |
||
apache http server 2.0.37 |
||
apache http server 1.3.1 |
||
apache http server 1.3.25 |
||
oracle oracle9i 9.0 |
||
apache http server 1.3.19 |
||
oracle database server 9.2.1 |
||
apache http server 2.0.39 |
||
apache http server 1.3.24 |
||
oracle application server 9.0.2 |
||
apache http server 1.3.20 |
||
apache http server 1.3.6 |
||
apache http server 2.0.41 |
||
oracle oracle8i 8.1.7.1 |
||
oracle oracle8i 8.1.7 |
||
apache http server 1.3.4 |
||
oracle oracle8i 8.1.7_.1.0_enterprise |
||
apache http server 1.3.18 |
||
apache http server 2.0.32 |
||
oracle oracle9i 9.0.1.3 |
||
oracle application server 1.0.2.1s |
||
apache http server 2.0.38 |
||
apache http server 1.3 |
||
apache http server 1.3.12 |
||
apache http server 1.3.3 |
||
apache http server 1.3.17 |
||
oracle oracle9i 9.0.1.2 |
||
apache http server 1.3.26 |
||
apache http server 1.3.9 |
||
apache http server 2.0.40 |
||
apache http server 2.0.36 |
||
apache http server 1.3.14 |
||
apache http server 1.3.22 |
||
apache http server 1.3.11 |
||
oracle application server 1.0.2.2 |
||
apache http server 2.0.28 |
||
oracle database server 9.2.2 |
||
apache http server 2.0 |
||
oracle application server 1.0.2 |
Vulmon