CVE-2002-0843

CVSSv4: NA | CVSSv3: NA | CVSSv2: 7.5 | VMScore: 850 | EPSS: 0.00744 | KEV: Not Included
Published: 11/10/2002 Updated: 20/11/2024

Vulnerability Summary

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache prior to 1.3.27, and Apache 2.x prior to 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Vulnerable Product

apache http server 1.3

apache http server 1.3.1

apache http server 1.3.3

apache http server 1.3.4

apache http server 1.3.6

apache http server 1.3.9

apache http server 1.3.11

apache http server 1.3.12

apache http server 1.3.14

apache http server 1.3.17

apache http server 1.3.18

apache http server 1.3.19

apache http server 1.3.20

apache http server 1.3.22

apache http server 1.3.23

apache http server 1.3.24

apache http server 1.3.25

apache http server 1.3.26

oracle application server 1.0.2

oracle application server 1.0.2.1s

oracle application server 1.0.2.2

oracle application server 9.0.2

oracle application server 9.0.2.1

oracle database server 8.1.7

oracle database server 9.2.2

oracle oracle8i 8.1.7

oracle oracle8i 8.1.7.0.0 enterprise

oracle oracle8i 8.1.7.1

oracle oracle8i 8.1.7.1.0 enterprise

Vendor Advisories

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities could allow an attacker to enact a denial of service aga ...

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache server package, a commonly used webserver. Most of the code is shared between the Apache and Apache-Perl packages, so vulnerabilities are shared as well. These vulnerabilities could allow an attacker to enact a denial of ser ...

References

NVD-CWE-Other

https://nvd.nist.gov
https://www.debian.org/security/./dsa-188
https://www.first.org/epss
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://marc.info/?l=bugtraq&m=103376585508776&w=2
http://online.securityfocus.com/advisories/4617
http://secunia.com/advisories/21425
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
http://www.apacheweek.com/issues/02-10-04
http://www.debian.org/security/2002/dsa-187
http://www.debian.org/security/2002/dsa-188
http://www.debian.org/security/2002/dsa-195
http://www.iss.net/security_center/static/10281.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
http://www.securityfocus.com/bid/5887
http://www.securityfocus.com/bid/5995
http://www.securityfocus.com/bid/5996
http://www.vupen.com/english/advisories/2006/3263
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E