CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2002-0839
https://notcve.org/view.php?id=CVE-2002-0839
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. La tabla de puntuaciones (scoreboard) en memoria compartida del demonio HTTP en Apache 1.3.x anteriores a 1.3.27 permite a cualquier usuario corriendo con la UID de Apache enviar un señas SIGUSR1 a cualquier proceso como root, resultando en un a denegación de servicio (muerte de proceso) o posiblemente otros comportamientos no no serian permitidos normalmente, mediane la modificación de los segmentos parent[].pid y parent[].last_rtime en los segmentos de la tabla de puntuaciones. • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http://marc.info/?l=bugtraq&m= •
CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0CVE-2002-1593
https://notcve.org/view.php?id=CVE-2002-1593
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. • http://securitytracker.com/id?1005285 http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.kb.cert.org/vuls/id/406121 http://www.securityfocus.com/bid/5816 https://exchange.xforce.ibmcloud.com/vulnerabilities/10208 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0a •
CVSS: 5.0EPSS: 13%CPEs: 12EXPL: 1CVE-2002-0654 – Apache 2.0 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2002-0654
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. Apache 2.0 a 2.0.39 en Windows, OS2 y Netware, permite a atacantes remotos determinar la ruta completa del servidor mediante una petición de un fichero .var, donde el mensaje de error muestra muestra la ruta al archivo, o mediante un mensaje de error que ocurre cuando un script (proceso hijo) no puede ser invocado. • https://www.exploit-db.com/exploits/21719 http://marc.info/?l=bugtraq&m=102951160411052&w=2 http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.iss.net/security_center/static/9875.php http://www.iss.net/security_center/static/9876.php http://www.securityfocus.com/bid/5485 http://www.securityfocus.com/bid/5486 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054 •
CVSS: 7.5EPSS: 96%CPEs: 12EXPL: 1CVE-2002-0661 – Apache 2.0 - Encoded Backslash Directory Traversal
https://notcve.org/view.php?id=CVE-2002-0661
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. • https://www.exploit-db.com/exploits/21697 http://httpd.apache.org/info/security_bulletin_20020908a.txt http://marc.info/?l=bugtraq&m=102892744011436&w=2 http://marc.info/?l=bugtraq&m=102951160411052&w=2 http://www.iss.net/security_center/static/9808.php http://www.securityfocus.com/bid/5434 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs •
CVSS: 5.0EPSS: 6%CPEs: 34EXPL: 1CVE-2002-0659 – OpenSSL - ASN.1 Parsing
https://notcve.org/view.php?id=CVE-2002-0659
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. La librería ASN1 de Open SSL 0.9.6d y anterior, y 0.9.7-beta2 y anterior, permite que atacantes remotos provoquen una denegación de servicio por medio de codificaciones inválidas. • https://www.exploit-db.com/exploits/23199 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516 http://rhn.redhat.com/errata/RHSA-2002-160.html http://rhn.redhat.com/errata/RHSA-2002-161.html http://rhn.redhat.com/errata/RHSA-2002-164.html http& •