7.5

CVE-2002-0843

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version1.3
ApacheHTTP Server Version1.3.1
ApacheHTTP Server Version1.3.3
ApacheHTTP Server Version1.3.4
ApacheHTTP Server Version1.3.6
ApacheHTTP Server Version1.3.9
ApacheHTTP Server Version1.3.11
ApacheHTTP Server Version1.3.12
ApacheHTTP Server Version1.3.14
ApacheHTTP Server Version1.3.17
ApacheHTTP Server Version1.3.18
ApacheHTTP Server Version1.3.19
ApacheHTTP Server Version1.3.20
ApacheHTTP Server Version1.3.22
ApacheHTTP Server Version1.3.23
ApacheHTTP Server Version1.3.24
ApacheHTTP Server Version1.3.25
ApacheHTTP Server Version1.3.26
OracleApplication Server Version1.0.2
OracleApplication Server Version1.0.2.1s
OracleApplication Server Version1.0.2.2
OracleApplication Server Version9.0.2
OracleApplication Server Version9.0.2 Updater2
OracleApplication Server Version9.0.2.1
OracleDatabase Server Version8.1.7
OracleDatabase Server Version9.2.2
OracleOracle8i Version8.1.7
OracleOracle8i Version8.1.7.0.0_enterprise
OracleOracle8i Version8.1.7.1
OracleOracle8i Version8.1.7.1.0_enterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 21.42% 0.973
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
http://marc.info/?l=bugtraq&m=103376585508776&w=2
http://online.securityfocus.com/advisories/4617
http://www.apacheweek.com/issues/02-10-04
Vendor Advisory
http://www.debian.org/security/2002/dsa-187
http://www.debian.org/security/2002/dsa-188
http://www.debian.org/security/2002/dsa-195
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
http://secunia.com/advisories/21425
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
http://www.iss.net/security_center/static/10281.php
http://www.securityfocus.com/bid/5887
http://www.securityfocus.com/bid/5995
http://www.securityfocus.com/bid/5996
http://www.vupen.com/english/advisories/2006/3263
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871