CVE-2002-0839

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-10-2002 06:00

Last modified: - 23-09-2022 05:11

Total changes: - 5

Description

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

7.2

Base score

3.9

10.0

Exploitability score

Impact score

Verification logic

Reference

20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities-Broken Link, Patch, Vendor Advisory
http://www.apacheweek.com/issues/02-10-04
apache-scorecard-memory-overwrite(10280)-Broken Link, Vendor Advisory
ESA-20021007-024-Broken Link
MDKSA-2002:068-Broken Link
DSA-187-Third Party Advisory
DSA-188-Third Party Advisory
DSA-195-Third Party Advisory
20021105-01-I-Broken Link
HPSBUX0210-224-Third Party Advisory, VDB Entry
20021015 GLSA: apache-Broken Link
20021017 TSLSA-2002-0069-apache-Broken Link
5884-Third Party Advisory, VDB Entry
CLA-2002:530-Third Party Advisory
SSRT090208-Issue Tracking, Mailing List, Third Party Advisory
20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)-Issue Tracking, Mailing List, Third Party Advisory
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Mailing List, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory
[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/-Mailing List, Vendor Advisory
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Vendor Advisory

Keywords

CVE-2002-0839

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2002-0839

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures