PT-2002-1447 · Apache · Apache+1
Published: 2002-06-17 · Updated: 2025-05-26
CVE-2002-0392
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache versions 1.3 through 1.3.24
Apache versions 2.0 through 2.0.36
Description
The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes the software to use an incorrect size. The effects of a malicious request vary and include increased consumption of system resources, denial of service and, in some cases, remote execution of arbitrary code.
Recommendations
For Apache versions 1.3 through 1.3.24, update to a version outside of this range to resolve the issue.
For Apache versions 2.0 through 2.0.36, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting chunk-encoded HTTP requests until a patch is available.
Affected Products
Apache
Apache HTTP Server