The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
References
Configurations
History
07 Nov 2023, 01:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2002-10-11 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2002-0839
Mitre link : CVE-2002-0839
CVE.ORG link : CVE-2002-0839
JSON object : View
Products Affected
debian
- debian_linux
apache
- http_server
CWE