7.5

CVE-2002-1850

Exploit
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.0.39
ApacheHTTP Server Version2.0.40
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 17.41% 0.967
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.148.2.7&r2=1.148.2.8
Broken Link
http://issues.apache.org/bugzilla/show_bug.cgi?id=10515
Issue Tracking
http://issues.apache.org/bugzilla/show_bug.cgi?id=22030
Patch
Issue Tracking
http://marc.info/?l=apache-httpd-dev&m=103291952019514&w=2
Mailing List
http://seclists.org/bugtraq/2002/Sep/0253.html
Third Party Advisory
Exploit
Mailing List
http://securitytracker.com/id?1007823
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.iss.net/security_center/static/10200.php
Patch
Broken Link
http://www.securityfocus.com/bid/5787
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.securityfocus.com/bid/8725
Patch
Third Party Advisory
Broken Link
VDB Entry