CVE Vulnerabilities

CVE-2002-0839

Published: Oct 11, 2002 | Modified: Jun 06, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 1.3.26 1.3.26
Http_server Apache 1.3.19 1.3.19
Http_server Apache 1.3.20 1.3.20
Http_server Apache 1.3.24 1.3.24
Http_server Apache 1.3.25 1.3.25
Http_server Apache 1.3.22 1.3.22
Http_server Apache 1.3.23 1.3.23
Apache Ubuntu dapper *
Apache Ubuntu edgy *
Apache Ubuntu feisty *

References