← back
CVE-2002-1850

CVE-2002-1850

EPSS 17.4%
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21854unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/generators/mod_cgi.c?r1=1.148.2.7&r2=1.148.2.8http://issues.apache.org/bugzilla/show_bug.cgi?id=10515http://issues.apache.org/bugzilla/show_bug.cgi?id=22030http://marc.info/?l=apache-httpd-dev&m=103291952019514&w=2http://seclists.org/bugtraq/2002/Sep/0253.htmlhttp://securitytracker.com/id?1007823http://www.iss.net/security_center/static/10200.phphttp://www.securityfocus.com/bid/5787http://www.securityfocus.com/bid/8725