Description
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
Products
- Apache Software Foundation Apache HTTP Server 1.3.11
- Apache Software Foundation Apache HTTP Server 1.3.12
- Apache Software Foundation Apache HTTP Server 1.3.14
- Apache Software Foundation Apache HTTP Server 1.3.17
- Apache Software Foundation Apache HTTP Server 1.3.18
- Apache Software Foundation Apache HTTP Server 1.3.19
- Apache Software Foundation Apache HTTP Server 1.3.1
- Apache Software Foundation Apache HTTP Server 1.3.20
- Apache Software Foundation Apache HTTP Server 1.3.22
- Apache Software Foundation Apache HTTP Server 1.3.23
- Apache Software Foundation Apache HTTP Server 1.3.24
- Apache Software Foundation Apache HTTP Server 1.3.25
- Apache Software Foundation Apache HTTP Server 1.3.26
- Apache Software Foundation Apache HTTP Server 1.3.3
- Apache Software Foundation Apache HTTP Server 1.3.4
- Apache Software Foundation Apache HTTP Server 1.3.6
- Apache Software Foundation Apache HTTP Server 1.3.9
- Apache Software Foundation Apache HTTP Server 1.3
- Oracle Application Server 9i 1.0.2.1s
- Oracle Application Server 9i 1.0.2.2
- Oracle Oracle9i Application Server 1.0.2.2 r1
- Oracle Application Server 9i 1.0.2.2 Release 2
- Oracle Application Server 9i 1.0.2
- Oracle Oracle10g Application Server 9.0.2.1
- Oracle Application Server 9i 9.0.2
- Oracle Oracle9i Application Server 9.0.2 r2
- Oracle Database Server 8.1.7
- Oracle Database Server 8.1.7 Release 1
- Oracle Database Server 9.2.2
- Oracle 8i 8.1.7.0.0 Enterprise
- Oracle 8i 8.1.7.1.0 Enterprise
- Oracle 8i 8.1.7.1
- Oracle 8i 8.1.7
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-0843, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0843 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References