PT-2002-2984 · Apache · Apache+2

Published

2002-12-31

Updated

2022-04-30

CVE-2002-2272

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Apache versions 1.3 through 1.3.27 Tomcat versions 4.0 through 4.1.12

Description: The issue allows remote attackers to cause a denial of service via an HTTP GET request with a Transfer-Encoding chunked field containing invalid values, leading to desynchronized communications.

Recommendations: For Apache versions 1.3 through 1.3.27, consider updating the mod jk module to a version later than 1.2.1 as a fix. For Tomcat versions 4.0 through 4.1.12, update Tomcat to a version later than 4.1.12 to resolve the issue.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2002-2272

GHSA-PQR5-9V2J-44XG

Affected Products

Apache

Apache Tomcat

Mod Jk

PT-2002-2984 · Apache · Apache+2

CVE-2002-2272

Weakness Enumeration

Related Identifiers

Affected Products

References · 9