Release DateDec 24, 2011 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates that an attempt to exploit a Cross Site Scripting vulnerability in the Apache Web Server.The Apache web server is vulnerable to a Cross Site Scripting attack because it does not properly sanitize malicious HTML code when displaying SSI error pages. This could lead to the execution of arbitrary HTML and web scripts. |
Affected ProductsApache 2.0 before 2.0.43Apache 1.3.0 up to 1.3.26 |
Recommended ActionsUpgrade to the latest version available from the website.http://httpd.apache.org/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2002-0840 |
Reference/shttp://www.securityfocus.com/bid/5847 (BugTraq) |
