CVE-2002-0392 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2002-0392?

CVE-2002-0392 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2002-0392?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Debian Debian Linux.

Vulnerability Description

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 1.2.2, <= 1.3.24
Debian	Debian Linux	2.2

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txtBroken Link
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32Broken Link
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-ABroken Link
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-IBroken Link
http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.htmlBroken Link
http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.htmlBroken Link
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498Broken Link
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039Broken Link
http://httpd.apache.org/info/security_bulletin_20020617.txtVendor Advisory
http://online.securityfocus.com/advisories/4240Broken LinkThird Party AdvisoryVDB Entry
http://online.securityfocus.com/advisories/4257Broken LinkThird Party AdvisoryVDB Entry
http://online.securityfocus.com/archive/1/278149Broken LinkThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2002-103.htmlBroken Link
http://rhn.redhat.com/errata/RHSA-2002-117.htmlBroken Link

FAQ

What is CVE-2002-0392?

CVE-2002-0392 is a vulnerability with a CVSS score of 7.5 (HIGH). Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache t...

How severe is CVE-2002-0392?

CVE-2002-0392 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-0392?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Debian Debian Linux.