CVE-2002-0392

EXPLOITED

Apache HTTP Server 1.3-1.3.24 & 2.0-2.0.36 - DoS & RCE via Chunk-Encoded Request

Exploitation Summary

CVE-2002-0392 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Metasploit, Gobbles Security, hdm and jduck, among them the Metasploit module exploits/windows/http/apache_chunked.

AI-analyzed exploit summary: This is a Metasploit module exploiting CVE-2002-0392, a chunked transfer encoding vulnerability in Apache 1.2.x to 1.3.24 on Windows. It includes multiple targets for different Apache versions and configurations, with payload delivery for remote code execution.

Description

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows_x86
https://www.exploit-db.com/exploits/16782

This is a Metasploit module exploiting CVE-2002-0392, a chunked transfer encoding vulnerability in Apache 1.2.x to 1.3.24 on Windows. It includes multiple targets for different Apache versions and configurations, with payload delivery for remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache HTTP Server 1.2.x to 1.3.24 (Win32)
No auth needed
Prerequisites: Network access to vulnerable Apache server · Correct target selection based on version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Gobbles Security · c · remote · multiple
https://www.exploit-db.com/exploits/21560

This exploit targets a buffer overflow vulnerability in Apache (CVE-2002-0392) due to improper handling of 'Chunked Encoding' requests. It includes shellcode for FreeBSD and NetBSD, leveraging brute-force techniques to achieve remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Apache 1.3.20, 1.3.22-24
No auth needed
Prerequisites: Vulnerable Apache version with Chunked Encoding enabled · Network access to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Gobbles Security · c · remote · multiple
https://www.exploit-db.com/exploits/21559

This exploit targets CVE-2002-0392, a chunked encoding vulnerability in Apache on OpenBSD/x86. It leverages a buffer overflow to achieve remote code execution by manipulating the memcpy implementation and brute-forcing return addresses.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Racy
Target: Apache 1.3.20-1.3.24 on OpenBSD 2.6-3.1 (x86)
No auth needed
Prerequisites: Network access to vulnerable Apache server · OpenBSD/x86 target with specific Apache versions
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GOOD
by hdm, jduck · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/apache_chunked.rb

This Metasploit module exploits a chunked transfer integer wrap vulnerability in Apache 1.2.x to 1.3.24 on Windows systems. It includes multiple targets for different Apache versions and configurations, leveraging a buffer overflow to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache HTTP Server 1.2.x to 1.3.24 (Win32)
No auth needed
Prerequisites: Network access to the target Apache server · Vulnerable version of Apache running on Windows
devstral-2 · analyzed Feb 16, 2026

References (45)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20005
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5033
Broken Link vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-150.html
Broken Link vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-17.html
Broken Link vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2002-118.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-106.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-133
Broken Link vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
Broken Link vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
Third Party Advisory vendor-advisory x_refsource_engarde
http://www.linuxsecurity.com/advisories/other_advisory-2137.html
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2002_22_apache.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/944335
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-132
Broken Link, Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://online.securityfocus.com/advisories/4240
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
Broken Link, Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://online.securityfocus.com/advisories/4257
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/838
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-131
Broken Link vendor-advisory x_refsource_conectiva
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
Broken Link vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
Broken Link mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/278149
Broken Link vendor-advisory x_refsource_mandrake
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9249.php
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-126.html
Broken Link vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2002-103.html
Third Party Advisory third-party-advisory x_refsource_frsirt
http://www.frsirt.com/english/advisories/2006/3598
Broken Link vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2002-117.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21917

Scores

EPSS: 0.5389
EPSS Percentile: 98.1%

Details

VulnCheck KEV: 2002-06-17
Status: published
Products (2):
apache/http_server 1.2.2 - 1.3.24
debian/debian_linux 2.2
Published: Jul 03, 2002
Tracked Since: Feb 18, 2026