ID CVE-2002-1850
Summary mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2016 - 02:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid
  • 5787
  • 8725
bugtraq 20020923 Apache 2.0.(39|40) DOS (PHP!)
confirm http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.148.2.7&r2=1.148.2.8
misc
mlist [apache-httpd-dev] 20020925 CGI bucket needed
sectrack 1007823
xf apache-stderr-dos(10200)
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 18-10-2016 - 02:27
Published 31-12-2002 - 05:00
Last modified 18-10-2016 - 02:27
Back to Top