CVE-2002-0392

Published: 03/07/2002 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 766
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache 1.3 up to and including 1.3.24, and Apache 2.0 up to and including 2.0.36, allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

Vulnerable Product

apache http server

debian debian linux 2.2

Vendor Advisories

Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures. This has been fixed in version 1.3.9-14.1 of the Debian apache ...
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution. This has been fixed in version 1.3.9-14.1-1.21.20000309-1 of the Debian apache-perl pac ...
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures. This has been fixed in version 1.3.9.13-4.1 of the Debian apach ...

Exploits

source: www.securityfocus.com/bid/5033/info
When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper (signed) interpretation of an unsigned integer value. Consequently, several conditions that have security implications may occur. R ...

##
# $Id: apache_chunked.rb 9719 2010-07-07 17:38:59Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##
require 'msf/core'
class M ...

source: www.securityfocus.com/bid/5033/info
When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper (signed) interpretation of an unsigned integer value. Consequently, several conditions that have security implications may occur ...

Github Repositories

Library to parse Common Vulnerability Scoring System vectors and generate scores

gocvss

Library to parse Common Vulnerability Scoring System vectors and generate scores

Usage

Let's take CVE-2002-0392 as an example, suppose you already have a base vector, you can parse it with

    var c, err = Parse("AV:N/AC:L/Au:N/C:N/I:N/A:C")
    if err != nil {
        t.Errorf("New from vector failed: %v", err)
    }

And the

Common Vulnerability Scoring System (CVSS)

go-cvss - Common Vulnerability Scoring System (CVSS)

Importing CVSS vector and scoring
Supports CVSS v2, v3.0 and v3.1
Exporting CVSS information with template string

Migrated repository to github.com/goark/go-cvss

Sample Code

Base Metrics

    package main

    import (
        "fmt"
        "os"

        "github.com/goark/go-cvss/v3/metric"
    )

    func main() {

References

NVD-CWE-noinfo
http://httpd.apache.org/info/security_bulletin_20020617.txt
http://www.cert.org/advisories/CA-2002-17.html
http://online.securityfocus.com/archive/1/278149
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
http://rhn.redhat.com/errata/RHSA-2002-103.html
http://www.redhat.com/support/errata/RHSA-2002-126.html
http://www.redhat.com/support/errata/RHSA-2002-150.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
http://www.debian.org/security/2002/dsa-131
http://www.debian.org/security/2002/dsa-132
http://www.debian.org/security/2002/dsa-133
http://www.linuxsecurity.com/advisories/other_advisory-2137.html
http://rhn.redhat.com/errata/RHSA-2002-118.html
http://rhn.redhat.com/errata/RHSA-2002-117.html
http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
http://www.novell.com/linux/security/advisories/2002_22_apache.html
http://www.kb.cert.org/vuls/id/944335
http://online.securityfocus.com/advisories/4240
http://online.securityfocus.com/advisories/4257
http://www.securityfocus.com/bid/5033
http://www.securityfocus.com/bid/20005
http://www.frsirt.com/english/advisories/2006/3598
http://www.osvdb.org/838
http://secunia.com/advisories/21917
http://www.iss.net/security_center/static/9249.php
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov
https://www.debian.org/security/./dsa-131
https://github.com/attwad/gocvss
https://www.exploit-db.com/exploits/21559/
https://www.kb.cert.org/vuls/id/944335