Apache » Http Server » 1.3.11 : Security Vulnerabilities, CVEs, Published In 2002 (Denial of service)
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
Max CVSS
7.8
EPSS Score
0.72%
Published
2002-12-31
Updated
2017-07-29
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
Max CVSS
7.5
EPSS Score
0.51%
Published
2002-10-11
Updated
2021-06-06
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
Max CVSS
7.2
EPSS Score
0.09%
Published
2002-10-11
Updated
2022-09-23
CVE-2002-0392
Public exploit
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
Max CVSS
7.5
EPSS Score
75.28%
Published
2002-07-03
Updated
2021-07-15
4 vulnerabilities found