Search for vulnerabilities
| Vulnerability ID | VCID-nkgw-gs9g-ckft |
| Aliases |
CVE-2002-0840
|
| Summary | Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 2.1 |
| Risk | 4.2 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.91102 | https://api.first.org/data/v1/epss?cve=CVE-2002-0840 |
| epss | 0.91102 | https://api.first.org/data/v1/epss?cve=CVE-2002-0840 |
| epss | 0.91102 | https://api.first.org/data/v1/epss?cve=CVE-2002-0840 |
| epss | 0.91102 | https://api.first.org/data/v1/epss?cve=CVE-2002-0840 |
| apache_httpd | low | https://httpd.apache.org/security/json/CVE-2002-0840.json |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0840.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2002-0840 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840 | ||
| 1616823 | https://bugzilla.redhat.com/show_bug.cgi?id=1616823 | |
| CVE-2002-0840 | https://httpd.apache.org/security/json/CVE-2002-0840.json | |
| CVE-2002-0840;OSVDB-862 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21885.txt |
| CVE-2002-0840;OSVDB-862 | Exploit | https://www.securityfocus.com/bid/5847/info |
| RHSA-2002:222 | https://access.redhat.com/errata/RHSA-2002:222 | |
| RHSA-2002:243 | https://access.redhat.com/errata/RHSA-2002:243 | |
| RHSA-2002:244 | https://access.redhat.com/errata/RHSA-2002:244 | |
| RHSA-2002:248 | https://access.redhat.com/errata/RHSA-2002:248 | |
| RHSA-2002:251 | https://access.redhat.com/errata/RHSA-2002:251 | |
| RHSA-2003:106 | https://access.redhat.com/errata/RHSA-2003:106 |
| Data source | Exploit-DB |
|---|---|
| Date added | Oct. 2, 2002 |
| Description | Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting |
| Ransomware campaign use | Known |
| Source publication date | Oct. 2, 2002 |
| Exploit type | remote |
| Platform | multiple |
| Source update date | Oct. 10, 2012 |
| Source URL | https://www.securityfocus.com/bid/5847/info |
| Percentile | 0.99642 |
| EPSS Score | 0.91102 |
| Published At | April 4, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T12:36:11.681525+00:00 | Apache HTTPD Importer | Import | https://httpd.apache.org/security/json/CVE-2002-0840.json | 38.0.0 |