Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
2002-10-11T04:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | http_server | 1.3 | Yes |
| Application | apache | http_server | 1.3.1 | Yes |
| Application | apache | http_server | 1.3.3 | Yes |
| Application | apache | http_server | 1.3.4 | Yes |
| Application | apache | http_server | 1.3.6 | Yes |
| Application | apache | http_server | 1.3.9 | Yes |
| Application | apache | http_server | 1.3.11 | Yes |
| Application | apache | http_server | 1.3.12 | Yes |
| Application | apache | http_server | 1.3.14 | Yes |
| Application | apache | http_server | 1.3.17 | Yes |
| Application | apache | http_server | 1.3.18 | Yes |
| Application | apache | http_server | 1.3.19 | Yes |
| Application | apache | http_server | 1.3.20 | Yes |
| Application | apache | http_server | 1.3.22 | Yes |
| Application | apache | http_server | 1.3.23 | Yes |
| Application | apache | http_server | 1.3.24 | Yes |
| Application | apache | http_server | 1.3.25 | Yes |
| Application | apache | http_server | 1.3.26 | Yes |
| Application | oracle | application_server | 1.0.2 | Yes |
| Application | oracle | application_server | 1.0.2.1s | Yes |
| Application | oracle | application_server | 1.0.2.2 | Yes |
| Application | oracle | application_server | 9.0.2 | Yes |
| Application | oracle | application_server | 9.0.2 | Yes |
| Application | oracle | application_server | 9.0.2.1 | Yes |
| Application | oracle | database_server | 8.1.7 | Yes |
| Application | oracle | database_server | 9.2.2 | Yes |
| Application | oracle | oracle8i | 8.1.7 | Yes |
| Application | oracle | oracle8i | 8.1.7.0.0_enterprise | Yes |
| Application | oracle | oracle8i | 8.1.7.1 | Yes |
| Application | oracle | oracle8i | 8.1.7.1.0_enterprise | Yes |