PT-2002-2150 · Apache · Apache Mod Ssl

Published: 2002-11-04 · Updated: 2008-09-05 · CVE-2002-1157

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Apache mod_ssl module version 2.8.9 and earlier
Description: A cross-site scripting issue exists in the mod_ssl Apache module. It occurs when UseCanonicalName is off and wildcard DNS is enabled, and allows remote attackers to execute scripts as other web site visitors. The attack vector is the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL.
Recommendations: For Apache mod_ssl module version 2.8.9 and earlier, consider updating to a version where this issue is resolved. As a temporary workaround, enable UseCanonicalName and disable wildcard DNS to minimize the risk of exploitation.

Related identifiers

CVE-2002-1157
DSA-181

Affected products

Apache Mod Ssl