CVE-2002-0843 — Vulnetix

Try Vulnetix Request Demo

CVE-2002-0843 PUBLISHED CVSS 7.5 HIGH

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

EPSS 3.77% · 87.9th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

3.77%

87.9th percentile

Affected Products

Vendor	Product	Versions
apache	http_server	1.3.26, 1.3, 1.3.1
oracle	application_server	9.0.2, 1.0.2, 1.0.2.1s
oracle	database_server	8.1.7, 9.2.2
oracle	oracle8i	8.1.7.1.0_enterprise, 8.1.7, 8.1.7.0.0_enterprise
n/a	n/a	n/a

Timeline

Oct 5, 2002 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 3, 2022 CVE Updated
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

DSA-188 vendor-advisory
CLSA-2002:530 vendor-advisory
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 url
ESA-20021007-024 vendor-advisory
5996 vdb
IY87070 vendor-advisory
20021105-01-I vendor-advisory
HPSBUX0210-224 vendor-advisory
ADV-2006-3263 vdb
20021016 Apache 1.3.26 mailing-list
DSA-187 vendor-advisory
http://www.apacheweek.com/issues/02-10-04 url
5887 vdb
DSA-195 vendor-advisory
20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) mailing-list
MDKSA-2002:068 vendor-advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871 url
CLA-2002:530 vendor-advisory
21425 third-party-advisory
20021017 TSLSA-2002-0069-apache mailing-list

…and 15 more

Open in Interactive Console →