Lucene search

K

[email protected]NVD:CVE-2002-1157

HistoryNov 04, 2002 - 5:00 a.m.

CVE-2002-1157

2002-11-0405:00:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Affected configurations

NVD

Node

mod_sslmod_sslRange≤2.8.9

References

archives.neohapsis.com/archives/bugtraq/2002-10/0374.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541

online.securityfocus.com/archive/1/296753

www.debian.org/security/2002/dsa-181

www.iss.net/security_center/static/10457.php

www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php

www.linuxsecurity.com/advisories/other_advisory-2512.html

www.osvdb.org/2107

www.redhat.com/support/errata/RHSA-2002-222.html

www.redhat.com/support/errata/RHSA-2002-243.html

www.redhat.com/support/errata/RHSA-2002-244.html

www.redhat.com/support/errata/RHSA-2002-248.html

www.redhat.com/support/errata/RHSA-2002-251.html

www.redhat.com/support/errata/RHSA-2003-106.html

www.securityfocus.com/bid/6029

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

Related for NVD:CVE-2002-1157

cvelist2 f53 nvd1 cve2 debiancve1 nessus15 redhat1 ubuntucve2 openvas10 debian8 altlinux6 httpd2 securityvulns1 cert2 osv3