// For flags

CVE-2002-0839

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

La tabla de puntuaciones (scoreboard) en memoria compartida del demonio HTTP en Apache 1.3.x anteriores a 1.3.27 permite a cualquier usuario corriendo con la UID de Apache enviar un señas SIGUSR1 a cualquier proceso como root, resultando en un a denegación de servicio (muerte de proceso) o posiblemente otros comportamientos no no serian permitidos normalmente, mediane la modificación de los segmentos parent[].pid y parent[].last_rtime en los segmentos de la tabla de puntuaciones.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2002-08-08 CVE Reserved
  • 2002-10-05 CVE Published
  • 2024-08-08 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (25)
URL Tag Source
http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html Broken Link
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html Broken Link
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 Mailing List
http://marc.info/?l=bugtraq&m=103376585508776&w=2 Issue Tracking
http://www.securityfocus.com/bid/5884 Third Party Advisory
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
URL Date SRC
URL Date SRC
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html 2023-11-07
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I 2023-11-07
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 2023-11-07
http://marc.info/?l=bugtraq&m=130497311408250&w=2 2023-11-07
http://online.securityfocus.com/advisories/4617 2023-11-07
http://www.apacheweek.com/issues/02-10-04 2023-11-07
http://www.debian.org/security/2002/dsa-187 2023-11-07
http://www.debian.org/security/2002/dsa-188 2023-11-07
http://www.debian.org/security/2002/dsa-195 2023-11-07
http://www.iss.net/security_center/static/10280.php 2023-11-07
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php 2023-11-07
http://www.linuxsecurity.com/advisories/other_advisory-2414.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2002-0839 2003-04-22
https://bugzilla.redhat.com/show_bug.cgi?id=1616822 2003-04-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 >= 1.3.0 < 1.3.27
Search vendor "Apache" for product "Http Server" and version " >= 1.3.0 < 1.3.27"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 2.2
Search vendor "Debian" for product "Debian Linux" and version "2.2"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 3.0
Search vendor "Debian" for product "Debian Linux" and version "3.0"
-
Affected