Vulnerability details: VCID-jz2v-4k62-aaac
Vulnerability ID VCID-jz2v-4k62-aaac
Aliases CVE-2002-0392
Summary Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
Status Published
Exploitability 2.0
Weighted Severity 7.0
Risk 10.0
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.53136 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.63404 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.75283 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
epss 0.78735 https://api.first.org/data/v1/epss?cve=CVE-2002-0392
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1616772
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd critical https://httpd.apache.org/security/json/CVE-2002-0392.json
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2002-0392
Reference id Reference type URL
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
http://httpd.apache.org/info/security_bulletin_20020617.txt
http://online.securityfocus.com/advisories/4240
http://online.securityfocus.com/advisories/4257
http://online.securityfocus.com/archive/1/278149
http://rhn.redhat.com/errata/RHSA-2002-103.html
http://rhn.redhat.com/errata/RHSA-2002-117.html
http://rhn.redhat.com/errata/RHSA-2002-118.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-0392.json
https://api.first.org/data/v1/epss?cve=CVE-2002-0392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0392
http://secunia.com/advisories/21917
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
http://www.cert.org/advisories/CA-2002-17.html
http://www.debian.org/security/2002/dsa-131
http://www.debian.org/security/2002/dsa-132
http://www.debian.org/security/2002/dsa-133
http://www.frsirt.com/english/advisories/2006/3598
http://www.iss.net/security_center/static/9249.php
http://www.kb.cert.org/vuls/id/944335
http://www.linuxsecurity.com/advisories/other_advisory-2137.html
http://www.novell.com/linux/security/advisories/2002_22_apache.html
http://www.osvdb.org/838
http://www.redhat.com/support/errata/RHSA-2002-126.html
http://www.redhat.com/support/errata/RHSA-2002-150.html
http://www.redhat.com/support/errata/RHSA-2003-106.html
http://www.securityfocus.com/bid/20005
http://www.securityfocus.com/bid/5033
1616772 https://bugzilla.redhat.com/show_bug.cgi?id=1616772
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
CVE-2002-0392 https://httpd.apache.org/security/json/CVE-2002-0392.json
CVE-2002-0392 https://nvd.nist.gov/vuln/detail/CVE-2002-0392
CVE-2002-0392;OSVDB-838 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21559.c
CVE-2002-0392;OSVDB-838 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/21560.c
CVE-2002-0392;OSVDB-838 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows_x86/remote/16782.rb
CVE-2002-0392;OSVDB-838 Exploit https://www.securityfocus.com/bid/5033/info
RHSA-2002:103 https://access.redhat.com/errata/RHSA-2002:103
RHSA-2002:117 https://access.redhat.com/errata/RHSA-2002:117
RHSA-2002:118 https://access.redhat.com/errata/RHSA-2002:118
RHSA-2002:126 https://access.redhat.com/errata/RHSA-2002:126
RHSA-2002:150 https://access.redhat.com/errata/RHSA-2002:150
RHSA-2003:106 https://access.redhat.com/errata/RHSA-2003:106
Data source Exploit-DB
Date added July 7, 2010
Description Apache (Windows x86) - Chunked Encoding (Metasploit)
Ransomware campaign use Known
Source publication date July 7, 2010
Exploit type remote
Platform windows_x86
Source update date Dec. 19, 2016
Data source Metasploit
Description This module exploits the chunked transfer integer wrap vulnerability in Apache version 1.2.x to 1.3.24. This particular module has been tested with all versions of the official Win32 build between 1.3.9 and 1.3.24. Additionally, it should work against most co-branded and bundled versions of Apache (Oracle 8i, 9i, IBM HTTPD, etc). You will need to use the Check() functionality to determine the exact target version prior to launching the exploit. The version of Apache bundled with Oracle 8.1.7 will not automatically restart, so if you use the wrong target value, the server will crash.
Ransomware campaign use Unknown
Source publication date June 19, 2002
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/apache_chunked.rb
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2002-0392
Exploit Prediction Scoring System (EPSS)
Percentile 0.97735
EPSS Score 0.53136
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.