Vulnerability Name: CVE-2002-0843 (CCN-10281)

Assigned: 2002-10-03
Published: 2002-10-03
Updated: 2021-06-06
Summary: Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: SGI
Type: UNKNOWN
20021105-01-I

Source: BUGTRAQ
Type: UNKNOWN
20021016 Apache 1.3.26

Source: CCN
Type: BugTraq Mailing List, Wed Oct 16 2002 - 17:32:26 CDT
Apache 1.3.26

Source: BUGTRAQ
Type: UNKNOWN
20021017 TSLSA-2002-0069-apache

Source: MITRE
Type: CNA
CVE-2002-0843

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:530

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:530
DoS and other vulnerabilities

Source: CONECTIVA
Type: UNKNOWN
CLSA-2002:530

Source: CCN
Type: Apache Web site
Welcome! - The Apache HTTP Server Project

Source: CONFIRM
Type: UNKNOWN
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2

Source: BUGTRAQ
Type: UNKNOWN
20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)

Source: HP
Type: UNKNOWN
HPSBUX0210-224

Source: CCN
Type: Oracle Security Alert #45
Security Release of Apache 1.3.27

Source: CCN
Type: RHSA-2002-222
Updated apache

Source: CCN
Type: RHSA-2002-248
apache

Source: CCN
Type: RHSA-2002-251
apache security update

Source: CCN
Type: RHSA-2003-106
Updated apache and mod_ssl packages available

Source: CCN
Type: SA21425
IBM HMC Apache Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
21425

Source: AIXAPAR
Type: UNKNOWN
IY87070

Source: CCN
Type: Apache HTTP Server Project Web site
Apache 1.3.27 Released

Source: CCN
Type: ApacheWeek, Issue 311, 4th October 2002
Security Reports

Source: CONFIRM
Type: Vendor Advisory
http://www.apacheweek.com/issues/02-10-04

Source: CCN
Type: CIAC Information Bulletin N-005
Apache 1.3.27 HTTP Server Release [REVISED 7 July 2004]

Source: DEBIAN
Type: UNKNOWN
DSA-187

Source: DEBIAN
Type: UNKNOWN
DSA-188

Source: DEBIAN
Type: UNKNOWN
DSA-195

Source: DEBIAN
Type: DSA-187
apache -- several vulnerabilities

Source: DEBIAN
Type: DSA-188
apache-ssl -- several vulnerabilities

Source: DEBIAN
Type: DSA-195
apache-perl -- several vulnerabilities

Source: XF
Type: UNKNOWN
apache-apachebench-response-bo(10281)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:068

Source: ENGARDE
Type: UNKNOWN
ESA-20021007-024

Source: CCN
Type: SCO Security Advisory CSSA-2002-056.0
Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench

Source: CCN
Type: SCO Security Advisory CSSA-2003-SCO.10.1
OpenServer 5.0.5 OpenServer 5.0.6 : Various security fixes for Apache.

Source: CCN
Type: OpenPKG-SA-2002.009
Apache

Source: BID
Type: UNKNOWN
5887

Source: CCN
Type: BID-5887
Apache AB.C Web Benchmarking Buffer Overflow Vulnerabilities

Source: CCN
Type: BID-5955
Linux-HA Heartbeat Remote Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
5995

Source: CCN
Type: BID-5995
Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
5996

Source: CCN
Type: BID-5996
Apache AB.C Web Benchmarking Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-3263

Source: CONFIRM
Type: UNKNOWN
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7.0.0_enterprise:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7.1.0_enterprise:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apache:http_server:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:reports:9.0.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:stronghold:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
  Definition ID             Class   Title                     Last Modified
  oval:org.debian:def:195   V       several vulnerabilities   2002-11-13
  oval:org.debian:def:188   V       several vulnerabilities   2002-11-05
  oval:org.debian:def:187   V       several vulnerabilities   2002-11-04