Sid 1-45307

Message

SERVER-APACHE Apache SSI error page cross-site scripting attempt

Summary

This event is generated when an attempt to exploit a cross-site scripting vulnerability in the Apache SSI error page is detected.

Impact

Web Application Attack

CVE-2002-0840:

CVSS base score 6.8

CVSS impact score 6.4

CVSS exploitability score 8.6

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Detailed information

CVE-2002-0840: Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Affected systems

  • apache http_server 1.3
  • apache http_server 1.3.1
  • apache http_server 1.3.3
  • apache http_server 1.3.4
  • apache http_server 1.3.6
  • apache http_server 1.3.9
  • apache http_server 1.3.11
  • apache http_server 1.3.12
  • apache http_server 1.3.14
  • apache http_server 1.3.17
  • apache http_server 1.3.18
  • apache http_server 1.3.19
  • apache http_server 1.3.20
  • apache http_server 1.3.22
  • apache http_server 1.3.23
  • apache http_server 1.3.24
  • apache http_server 1.3.25
  • apache http_server 1.3.26
  • apache http_server 2.0
  • apache http_server 2.0.28
  • apache http_server 2.0.32
  • apache http_server 2.0.35
  • apache http_server 2.0.36
  • apache http_server 2.0.37
  • apache http_server 2.0.38
  • apache http_server 2.0.39
  • apache http_server 2.0.40
  • apache http_server 2.0.41
  • apache http_server 2.0.42
  • oracle application_server 1.0.2
  • oracle application_server 1.0.2.1s
  • oracle application_server 1.0.2.2
  • oracle application_server 9.0.2
  • oracle application_server 9.0.2.1
  • oracle database_server 8.1.7
  • oracle database_server 9.2.1
  • oracle database_server 9.2.2
  • oracle oracle8i 8.1.7
  • oracle oracle8i 8.1.7.1
  • oracle oracle8i 8.1.7.0.0enterprise
  • oracle oracle8i 8.1.7.1.0enterprise
  • oracle oracle9i 9.0
  • oracle oracle9i 9.0.1
  • oracle oracle9i 9.0.1.2
  • oracle oracle9i 9.0.1.3
  • oracle oracle9i 9.0.2

Ease of attack

CVE-2002-0840:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References