7.5

CVE-2002-1850

Exploit

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.

Data is provided by the National Vulnerability Database (NVD)
ApacheHTTP Server Version2.0.39
ApacheHTTP Server Version2.0.40
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 3.02% 0.862
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://seclists.org/bugtraq/2002/Sep/0253.html
Third Party Advisory
Exploit
Mailing List
http://securitytracker.com/id?1007823
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/5787
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.securityfocus.com/bid/8725
Patch
Third Party Advisory
Broken Link
VDB Entry