Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2004-08-18T00:00:00
Reserved: 2002-09-26T00:00:00
Link: CVE-2002-1157
JSON object: View
NVD Information
Status : Analyzed
Published: 2002-11-04T05:00:00.000
Modified: 2008-09-05T20:29:56.143
Link: CVE-2002-1157
JSON object: View
Redhat Information
No data.
CWE