CVE-2002-0840

Name of the Vulnerable Software and Affected Versions: Apache versions 1.3.x up to 1.3.26 Apache versions 2.0 before 2.0.43

Description: A cross-site scripting (XSS) issue exists in the default error page of Apache, allowing remote attackers to execute script as other web page visitors via the Host: header when UseCanonicalName is "Off" and support for wildcard DNS is present.

Recommendations: For Apache versions 1.3.x up to 1.3.26, update to a version later than 1.3.26 to resolve the issue. For Apache versions 2.0 before 2.0.43, update to version 2.0.43 or later to resolve the issue. As a temporary workaround, consider setting UseCanonicalName to "On" to minimize the risk of exploitation.