CVE - CVE-2002-0843

CVE-ID
CVE-2002-0843	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IY87070 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only BID:5887 URL:http://www.securityfocus.com/bid/5887 BID:5995 URL:http://www.securityfocus.com/bid/5995 BID:5996 URL:http://www.securityfocus.com/bid/5996 BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) URL:http://marc.info/?l=bugtraq&m=103376585508776&w=2 BUGTRAQ:20021016 Apache 1.3.26 URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html BUGTRAQ:20021017 TSLSA-2002-0069-apache URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html CONECTIVA:000530 URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530 CONECTIVA:CLA-2002:530 URL:~~http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530~~ (Obsolete source - check if archived by the Wayback Machine) CONECTIVA:CLSA-2002:530 URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530 CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 CONFIRM:http://www.apacheweek.com/issues/02-10-04 CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871 DEBIAN:DSA-187 URL:http://www.debian.org/security/2002/dsa-187 DEBIAN:DSA-188 URL:http://www.debian.org/security/2002/dsa-188 DEBIAN:DSA-195 URL:http://www.debian.org/security/2002/dsa-195 ENGARDE:ESA-20021007-024 URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html HP:HPSBUX0210-224 URL:http://online.securityfocus.com/advisories/4617 MANDRAKE:MDKSA-2002:068 URL:~~http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php~~ (Obsolete source) MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E SECUNIA:21425 URL:http://secunia.com/advisories/21425 SGI:20021105-01-I URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I VUPEN:ADV-2006-3263 URL:~~http://www.vupen.com/english/advisories/2006/3263~~ (Obsolete source) XF:apache-apachebench-response-bo(10281) URL:~~http://www.iss.net/security_center/static/10281.php~~ (Obsolete source - check if archived by the Wayback Machine)
Assigning CNA
MITRE Corporation
Date Record Created
20020808	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20071016)
Votes (Legacy)
ACCEPT(3) Armstrong, Cole, Green MODIFY(1) Cox NOOP(1) Christey
Comments (Legacy)
Christey> CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Cox> Support inclusion decision: a user may well run ApacheBench against their own server in a DMZ that has been compromised therefore leading to a break across security zones. Addref: RHSA-2002:251 Addref: RHSA-2002:248 Addref: RHSA-2002:244 Addref: RHSA-2002:243 Addref: RHSA-2002:222 Change Apache Week ref to: http://www.apacheweek.com/issues/02-10-04#security Christey> SGI:20021105-02-I URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I Christey> BUGTRAQ:20021016 Apache 1.3.26 URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html XF:apache-apachebench-response-bo(10281) URL:http://www.iss.net/security_center/static/10281.php BID:5996 URL:http://www.securityfocus.com/bid/5996
Proposed (Legacy)
20030317
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)