Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1850Improper Locking in Apache Http Server

CWE-667Improper Locking7 documents7 sources
Severity
7.5HIGHNVD
EPSS
2.9%
top 13.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Http Server
Timeline
PublishedDec 31
Latest updateApr 30

Description

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDapache/http_server2.0.39, 2.0.40+1

Patches

Patch: issues.apache.orgPatch: securitytracker.comPatch: www.iss.net

🔴Vulnerability Details

3
GHSA
GHSA-vfpr-g7cv-3qw9: mod_cgi in Apache 22022-04-30
CVEList
CVE-2002-1850: mod_cgi in Apache 22005-06-28
OSV
CVE-2002-1850: mod_cgi in Apache 22002-12-31

💥Exploits & PoCs

1
Exploit-DB
Apache 2.0.39/40 - Oversized STDERR Buffer Denial of Service2002-09-24

📋Vendor Advisories

2
Debian
CVE-2002-1850: apache2 - mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attac...2002
Red Hat
CVE-2002-1850: mod_cgi in Apache 2
CVE-2002-1850 — Improper Locking in Apache Http Server | cvebase