CVE-2002-0082

Apache-SSL < 1.3.22+1.46 and mod_ssl < 2.8.7-1.3.23 - Remote Code Execution via Large Client Certificate

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2002-0082. PoCs published by spabam, Brian Peters, anilkashyap01.

AI-analyzed exploit summary This exploit targets CVE-2002-0082, a buffer overflow vulnerability in OpenSSL used by Apache. It leverages a precomputed list of memory addresses for various Linux distributions to achieve remote code execution.

Description

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Exploits (5)

exploitdb WORKING POC VERIFIED
by spabam · cremoteunix
https://www.exploit-db.com/exploits/764

This exploit targets CVE-2002-0082, a buffer overflow vulnerability in OpenSSL used by Apache. It leverages a precomputed list of memory addresses for various Linux distributions to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache with OpenSSL (multiple versions across various Linux distributions)
No auth needed
Prerequisites: Vulnerable Apache/OpenSSL version · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by spabam · cremoteunix
https://www.exploit-db.com/exploits/21671

This exploit targets a buffer overflow vulnerability in OpenSSL during SSLv2 protocol negotiation, specifically in the handling of the client key value. It includes a large list of target architectures and addresses for various Linux distributions and versions of Apache, aiming to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OpenSSL (SSLv2 protocol handling) and Apache (various versions)
No auth needed
Prerequisites: Network access to vulnerable OpenSSL/Apache server · SSLv2 protocol enabled on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Brian Peters · cremoteunix
https://www.exploit-db.com/exploits/47080

This exploit targets CVE-2002-0082, a buffer overflow vulnerability in OpenSSL's SSLv2 protocol implementation. It leverages a crafted SSLv2 client request to trigger the overflow and execute arbitrary code on vulnerable Apache HTTP Server instances.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HTTP Server with OpenSSL (multiple versions)
No auth needed
Prerequisites: Vulnerable OpenSSL version with SSLv2 enabled · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by anilkashyap01 · poc
https://github.com/anilkashyap01/Binary-Exploitation-and-Kernel-Escalation

This repository provides a detailed technical walkthrough of exploiting CVE-2002-0082 (mod_ssl buffer overflow) for initial access and CVE-2003-0127 (ptrace race condition) for privilege escalation. It includes step-by-step enumeration, exploit selection, compilation, and execution details.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache httpd 1.3.20 with mod_ssl/2.8.4 and OpenSSL/0.9.6b
No auth needed
Prerequisites: Target running vulnerable Apache/mod_ssl version · Network access to target · Compiler and libraries for exploit compilation
devstral-2 · analyzed Apr 16, 2026 Full analysis →
nomisec WORKING POC
by ratiros01 · poc
https://github.com/ratiros01/CVE-2002-0082

This repository contains a functional exploit for CVE-2002-0082, targeting a buffer overflow vulnerability in OpenSSL's SSLv2 protocol implementation. The exploit is designed to achieve remote code execution (RCE) on vulnerable Apache HTTP Server installations across various Linux distributions and versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache HTTP Server (various versions) with OpenSSL SSLv2 support
No auth needed
Prerequisites: Vulnerable Apache HTTP Server with OpenSSL SSLv2 enabled · Network access to the target server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (18)

Core 18
Core References
Vendor Advisory vendor-advisory x_refsource_caldera
http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4189
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-045.html
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/4008
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101518491916936&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/258646
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
Various Sources vendor-advisory x_refsource_engarde
http://www.linuxsecurity.com/advisories/other_advisory-1923.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101528358424306&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-042.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8308.php
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-041.html
Issue Tracking x_refsource_confirm
http://www.apacheweek.com/issues/02-03-01#security
Various Sources vendor-advisory x_refsource_compaq
http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/3965
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-120

Scores

EPSS 0.0270
EPSS Percentile 86.3%

Details

Status published
Products (14)
apache-ssl/apache-ssl 1.40
apache-ssl/apache-ssl 1.41
apache-ssl/apache-ssl 1.42
apache-ssl/apache-ssl 1.44
apache-ssl/apache-ssl 1.45
apache-ssl/apache-ssl 1.46
mod_ssl/mod_ssl 2.7.1
mod_ssl/mod_ssl 2.8
mod_ssl/mod_ssl 2.8.1
mod_ssl/mod_ssl 2.8.2
... and 4 more
Published Mar 15, 2002
Tracked Since Feb 18, 2026