CVE-2002-0839

high

Apache

CVSS v3 Base Score

7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

0.1%

Exploitation probability in 30 days

Top 66% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: October 11, 2002 (8616 days ago)

Last Modified: April 16, 2026

Vendor: Apache

Source: NVD

Description

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

CWE

NVD-CWE-noinfo

Affected Products

apache http serverdebian debian linux

References

🔗 patches.sgi.com 🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 distro.conectiva.com.br

CVE-2002-0839

Vulnerability Report

Description

CWE

Affected Products

References