PUBLISHED DATE: October 11, 2002CVE-2002-0839:
Denial of Service Vulnerability

Description

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Products

• Apache HTTP Server
• Apache Software Foundation Apache HTTP Server 1.3.0
• Apache Software Foundation Apache HTTP Server 1.3.1.1
• Apache Software Foundation Apache 1.3.10
• Apache Software Foundation Apache HTTP Server 1.3.11
• Apache Software Foundation Apache HTTP Server 1.3.12
• Apache Software Foundation Apache 1.3.13
• Apache Software Foundation Apache HTTP Server 1.3.14
• Apache Software Foundation Apache 1.3.15
• Apache Software Foundation Apache 1.3.16
• Apache Software Foundation Apache HTTP Server 1.3.17
• Apache Software Foundation Apache HTTP Server 1.3.18
• Apache Software Foundation Apache HTTP Server 1.3.19
• Apache Software Foundation Apache HTTP Server 1.3.1
• Apache Software Foundation Apache HTTP Server 1.3.20
• Apache Software Foundation Apache HTTP Server 1.3.22
• Apache Software Foundation Apache HTTP Server 1.3.23
• Apache Software Foundation Apache HTTP Server 1.3.24
• Apache Software Foundation Apache HTTP Server 1.3.25
• Apache Software Foundation Apache HTTP Server 1.3.26
• Apache Software Foundation Apache HTTP Server 1.3.2
• Apache Software Foundation Apache HTTP Server 1.3.3
• Apache Software Foundation Apache HTTP Server 1.3.4
• Apache Software Foundation Apache HTTP Server 1.3.5
• Apache Software Foundation Apache HTTP Server 1.3.6
• Apache Software Foundation Apache HTTP Server 1.3.7
• Apache Software Foundation Apache HTTP Server 1.3.8
• Apache Software Foundation Apache HTTP Server 1.3.9
• Debian Debian Linux 2.2
• Debian Debian Linux 3.0

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-0839, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-0839 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2002-0839