CVE-2002-1850

HIGH

Apache HTTP Server 2.0.39-2.0.40 - Denial of Service via mod_cgi stderr Deadlock

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1850. PoCs published by K.C. Wong.

AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in Apache 2.0.39/2.0.40 by writing excessive data to stderr, causing the process to crash. The PoC generates a large buffer and writes it to stderr, exploiting the default OS limits on error output.

Description

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.

Exploits (1)

exploitdb WORKING POC VERIFIED

by K.C. Wong · cdoslinux

https://www.exploit-db.com/exploits/21854

View Code ZIP pw:eip

This exploit demonstrates a denial of service (DoS) vulnerability in Apache 2.0.39/2.0.40 by writing excessive data to stderr, causing the process to crash. The PoC generates a large buffer and writes it to stderr, exploiting the default OS limits on error output.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apache 2.0.39/2.0.40

No auth needed

Prerequisites: Access to a system running vulnerable Apache version · Ability to execute the exploit (e.g., via CGI or local access)

MITRE ATT&CK