7.5

CVE-2002-1850

Exploit
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.0.39
ApacheHTTP Server Version2.0.40
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.26% 0.841
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://seclists.org/bugtraq/2002/Sep/0253.html
Third Party Advisory
Exploit
Mailing List
http://securitytracker.com/id?1007823
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/5787
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.securityfocus.com/bid/8725
Patch
Third Party Advisory
Broken Link
VDB Entry