CVE-2002-1850 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Http Server	2.0.39

Related Weaknesses (CWE)

CWE-667

References

http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.14Broken Link
http://issues.apache.org/bugzilla/show_bug.cgi?id=10515Issue Tracking
http://issues.apache.org/bugzilla/show_bug.cgi?id=22030Issue TrackingPatch
http://marc.info/?l=apache-httpd-dev&m=103291952019514&w=2Mailing List
http://seclists.org/bugtraq/2002/Sep/0253.htmlExploitMailing ListThird Party Advisory
http://securitytracker.com/id?1007823Broken LinkPatchThird Party Advisory
http://www.iss.net/security_center/static/10200.phpBroken LinkPatch
http://www.securityfocus.com/bid/5787Broken LinkExploitThird Party Advisory
http://www.securityfocus.com/bid/8725Broken LinkPatchThird Party Advisory
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.14Broken Link
http://issues.apache.org/bugzilla/show_bug.cgi?id=10515Issue Tracking
http://issues.apache.org/bugzilla/show_bug.cgi?id=22030Issue TrackingPatch
http://marc.info/?l=apache-httpd-dev&m=103291952019514&w=2Mailing List
http://seclists.org/bugtraq/2002/Sep/0253.htmlExploitMailing ListThird Party Advisory
http://securitytracker.com/id?1007823Broken LinkPatchThird Party Advisory

FAQ

What is CVE-2002-1850?

CVE-2002-1850 is a vulnerability with a CVSS score of 7.5 (HIGH). mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data t...

How severe is CVE-2002-1850?

CVE-2002-1850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-1850?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.