Loading
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
Use Apache vendor hub and Http Server product page to widen CVE-2002-0840 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-23048, CVE-2025-58098 and CVE-2025-59775 for nearby disclosures in the same product family.