[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256288

 
 

909

 
 

199146

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2002-1157Date: (C)2002-11-04   (M)2023-12-22


Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://online.securityfocus.com/archive/1/296753
http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
OSVDB-2107
BID-6029
CLA-2002:541
DSA-181
ESA-20021029-027
MDKSA-2002:072
RHSA-2002:222
RHSA-2002:243
RHSA-2002:244
RHSA-2002:248
RHSA-2002:251
RHSA-2003:106
apache-modssl-host-xss(10457)

© SecPod Technologies