CVE-2002-0839 — Apache Http Server vulnerability

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 65.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Debian Linux

Timeline

PublishedOct 11

Latest updateMay 3

Description

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDapache/http_server1.3.0 — 1.3.27

Also affects: Debian Linux 2.2, 3.0

Patches

Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-6hh5-x52p-p482: The shared memory scoreboard in the HTTP daemon for Apache 1↗2022-05-03

▶

CVEList

CVE-2002-0839: The shared memory scoreboard in the HTTP daemon for Apache 1↗2002-10-05

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-10-03

▶

💬Community

Bugzilla

CVE-2002-0839 security flaw↗2018-08-16

▶