National Vulnerability Database (NVD) National Vulnerability Database (CVE-2002-0840)

National Cyber-Alert System

Vulnerability Summary for CVE-2002-0840

Original release date:10/11/2002

Last revised:09/10/2008

Source: US-CERT/NIST

Overview

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statments (disclaimer)

Official Statement from Apache (07/02/2008): Fixed in Apache HTTP Server 2.0.43 and 1.3.27: http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#240329

Name: VU#240329

Hyperlink:http://www.kb.cert.org/vuls/id/240329

External Source: BUGTRAQ

Name: 20021002 Apache 2 Cross-Site Scripting

Type: Advisory; Patch Information

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2

External Source: XF

Name: apache-http-host-xss(10241)

Type: Advisory

Hyperlink:http://xforce.iss.net/xforce/xfdb/10241

External Source: CONFIRM

Name: http://www.apacheweek.com/issues/02-10-04

Type: Advisory

Hyperlink:http://www.apacheweek.com/issues/02-10-04

External Source: BID

Name: 5847

Hyperlink:http://www.securityfocus.com/bid/5847

External Source: REDHAT

Name: RHSA-2003:106

Hyperlink:http://www.redhat.com/support/errata/RHSA-2003-106.html

External Source: REDHAT

Name: RHSA-2002:251

Hyperlink:http://www.redhat.com/support/errata/RHSA-2002-251.html

External Source: REDHAT

Name: RHSA-2002:248

Hyperlink:http://www.redhat.com/support/errata/RHSA-2002-248.html

External Source: REDHAT

Name: RHSA-2002:244

Hyperlink:http://www.redhat.com/support/errata/RHSA-2002-244.html

External Source: REDHAT

Name: RHSA-2002:243

Hyperlink:http://www.redhat.com/support/errata/RHSA-2002-243.html

External Source: REDHAT

Name: RHSA-2002:222

Hyperlink:http://www.redhat.com/support/errata/RHSA-2002-222.html

External Source: OSVDB

Name: 862

Hyperlink:http://www.osvdb.org/862

External Source: ENGARDE

Name: ESA-20021007-024

Hyperlink:http://www.linuxsecurity.com/advisories/other_advisory-2414.html

External Source: MANDRAKE

Name: MDKSA-2002:068

Hyperlink:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php

External Source: DEBIAN

Name: DSA-195

Hyperlink:http://www.debian.org/security/2002/dsa-195

External Source: DEBIAN

Name: DSA-188

Hyperlink:http://www.debian.org/security/2002/dsa-188

External Source: DEBIAN

Name: DSA-187

Hyperlink:http://www.debian.org/security/2002/dsa-187

External Source: HP

Name: HPSBUX0210-224

Hyperlink:http://online.securityfocus.com/advisories/4617

External Source: BUGTRAQ

Name: 20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2

External Source: CONFIRM

Name: http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2

Hyperlink:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2

External Source: CONECTIVA

Name: CLA-2002:530

Hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530

External Source: VULNWATCH

Name: 20021002 Apache 2 Cross-Site Scripting

Hyperlink:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html

External Source: BUGTRAQ

Name: 20021017 TSLSA-2002-0069-apache

Hyperlink:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html

External Source: SGI

Name: 20021105-02-I

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I

Vulnerable software and versions

Configuration 1

* cpe:/a:apache:http_server:1.3

* cpe:/a:apache:http_server:1.3.1

* cpe:/a:apache:http_server:1.3.11

* cpe:/a:apache:http_server:1.3.12

* cpe:/a:apache:http_server:1.3.14

* cpe:/a:apache:http_server:1.3.17

* cpe:/a:apache:http_server:1.3.18

* cpe:/a:apache:http_server:1.3.19

* cpe:/a:apache:http_server:1.3.20

* cpe:/a:apache:http_server:1.3.22

* cpe:/a:apache:http_server:1.3.23

* cpe:/a:apache:http_server:1.3.24

* cpe:/a:apache:http_server:1.3.25

* cpe:/a:apache:http_server:1.3.26

* cpe:/a:apache:http_server:1.3.3

* cpe:/a:apache:http_server:1.3.4

* cpe:/a:apache:http_server:1.3.6

* cpe:/a:apache:http_server:1.3.9

* cpe:/a:apache:http_server:2.0

* cpe:/a:apache:http_server:2.0.28

* cpe:/a:apache:http_server:2.0.32

* cpe:/a:apache:http_server:2.0.35

* cpe:/a:apache:http_server:2.0.36

* cpe:/a:apache:http_server:2.0.37

* cpe:/a:apache:http_server:2.0.38

* cpe:/a:apache:http_server:2.0.39

* cpe:/a:apache:http_server:2.0.40

* cpe:/a:apache:http_server:2.0.41

* cpe:/a:apache:http_server:2.0.42

* cpe:/a:oracle:application_server:1.0.2

* cpe:/a:oracle:application_server:1.0.2.1s

* cpe:/a:oracle:application_server:1.0.2.2

* cpe:/a:oracle:application_server:9.0.2

* cpe:/a:oracle:application_server:9.0.2.1

* cpe:/a:oracle:application_server:9.0.2:r2

* cpe:/a:oracle:database_server:8.1.7

* cpe:/a:oracle:database_server:9.2.1

* cpe:/a:oracle:database_server:9.2.2

* cpe:/a:oracle:oracle8i:8.1.7

* cpe:/a:oracle:oracle8i:8.1.7.1

* cpe:/a:oracle:oracle8i:8.1.7_.0.0_enterprise

* cpe:/a:oracle:oracle8i:8.1.7_.1.0_enterprise

* cpe:/a:oracle:oracle9i:9.0

* cpe:/a:oracle:oracle9i:9.0.1

* cpe:/a:oracle:oracle9i:9.0.1.2

* cpe:/a:oracle:oracle9i:9.0.1.3

* cpe:/a:oracle:oracle9i:9.0.2

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840