CVE-2002-2272

Apache HTTP Server - Memory Corruption

Title source: rule

Description

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sapient2003 · perldosunix

https://www.exploit-db.com/exploits/22068

View Code ZIP pw:eip

References (3)

[Patch] http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html

[Exploit, Patch] http://www.securityfocus.com/bid/6320

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/10771

Scores

EPSS 0.3142

EPSS Percentile 96.8%

Details

CWE

CWE-119

Status published

Products (36)

apache/http_server 1.3

apache/http_server 1.3.0

apache/http_server 1.3.1

apache/http_server 1.3.2

apache/http_server 1.3.10

apache/http_server 1.3.11

apache/http_server 1.3.12

apache/http_server 1.3.13

apache/http_server 1.3.14

apache/http_server 1.3.15

... and 26 more

Published Dec 31, 2002

Tracked Since Feb 18, 2026