CVE-2002-1157
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.971 High
EPSS
Percentile
99.8%
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| mod_ssl:mod_ssl | mod ssl | le | 2.8.9 |
References
archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
online.securityfocus.com/archive/1/296753
www.debian.org/security/2002/dsa-181
www.iss.net/security_center/static/10457.php
www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
www.linuxsecurity.com/advisories/other_advisory-2512.html
www.osvdb.org/2107
www.redhat.com/support/errata/RHSA-2002-222.html
www.redhat.com/support/errata/RHSA-2002-243.html
www.redhat.com/support/errata/RHSA-2002-244.html
www.redhat.com/support/errata/RHSA-2002-248.html
www.redhat.com/support/errata/RHSA-2002-251.html
www.redhat.com/support/errata/RHSA-2003-106.html
www.securityfocus.com/bid/6029
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.971 High
EPSS
Percentile
99.8%