Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10241
http://www.securityfocus.com/bid/5847
http://www.redhat.com/support/errata/RHSA-2003-106.html
http://www.redhat.com/support/errata/RHSA-2002-251.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-222.html
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
http://www.kb.cert.org/vuls/id/240329
http://www.debian.org/security/2002/dsa-195
http://www.debian.org/security/2002/dsa-188
http://www.debian.org/security/2002/dsa-187
http://www.apacheweek.com/issues/02-10-04
http://online.securityfocus.com/advisories/4617
http://marc.info/?l=bugtraq&m=103376585508776&w=2
http://marc.info/?l=bugtraq&m=103357160425708&w=2
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html