Search for vulnerabilities
Vulnerability details: VCID-97td-xrye-b3en
Vulnerability ID VCID-97td-xrye-b3en
Aliases CVE-2002-0392
Summary Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code.
Status Published
Exploitability 2.0
Weighted Severity 7.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.60117 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd critical https://httpd.apache.org/security/json/CVE-2002-0392.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0392.json
https://api.first.org/data/v1/epss?cve=CVE-2002-0392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1616772 https://bugzilla.redhat.com/show_bug.cgi?id=1616772
CVE-2002-0392 https://httpd.apache.org/security/json/CVE-2002-0392.json
CVE-2002-0392;OSVDB-838 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21559.c
CVE-2002-0392;OSVDB-838 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21560.c
CVE-2002-0392;OSVDB-838 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/remote/16782.rb
CVE-2002-0392;OSVDB-838 Exploit https://www.securityfocus.com/bid/5033/info
RHSA-2002:103 https://access.redhat.com/errata/RHSA-2002:103
RHSA-2002:117 https://access.redhat.com/errata/RHSA-2002:117
RHSA-2002:118 https://access.redhat.com/errata/RHSA-2002:118
RHSA-2002:126 https://access.redhat.com/errata/RHSA-2002:126
RHSA-2002:150 https://access.redhat.com/errata/RHSA-2002:150
RHSA-2003:106 https://access.redhat.com/errata/RHSA-2003:106
Data source Metasploit
Description This module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apache (Oracle 8i, 9i, IBM HTTPD, etc). You will need to use the Check() functionality to determine the exact target version prior to launching the exploit. The version of Apache bundled with Oracle 8.1.7 will not automatically restart, so if you use the wrong target value, the server will crash.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date June 19, 2002
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/apache_chunked.rb
Data source Exploit-DB
Date added June 17, 2002
Description Apache 1.x/2.0.x - Chunked-Encoding Memory Corruption (2)
Ransomware campaign use Known
Source publication date June 17, 2002
Exploit type remote
Platform multiple
Source update date Sept. 27, 2012
Source URL https://www.securityfocus.com/bid/5033/info
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.98171
EPSS Score 0.60117
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:39.218743+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2002-0392.json 37.0.0