Lucene search

[email protected]CVE-2010-0425

HistoryMar 05, 2010 - 7:30 p.m.

CVE-2010-0425

2010-03-0519:30:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

5470

apache http server

mod_isapi

cve-2010-0425

remote code execution

security vulnerability

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and “orphaned callback pointers.”

CPENameOperatorVersion
apache:http_serverapache http servereq2.3.0
apache:http_serverapache http servereq2.3.1
apache:http_serverapache http servereq2.3.2
apache:http_serverapache http servereq2.3.3
apache:http_serverapache http servereq2.3.4
apache:http_serverapache http servereq2.3.5
apache:http_serverapache http servereq2.3.6
apache:http_serverapache http servereq2.0.9
apache:http_serverapache http servereq2.0.28
apache:http_serverapache http servereq2.0.32

CPE	Name	Operator	Version
apache:http_server	apache http server	eq	2.3.0
apache:http_server	apache http server	eq	2.3.1
apache:http_server	apache http server	eq	2.3.2
apache:http_server	apache http server	eq	2.3.3
apache:http_server	apache http server	eq	2.3.4
apache:http_server	apache http server	eq	2.3.5
apache:http_server	apache http server	eq	2.3.6
apache:http_server	apache http server	eq	2.0.9
apache:http_server	apache http server	eq	2.0.28
apache:http_server	apache http server	eq	2.0.32

Rows per page:

1-10 of 541

References

httpd.apache.org/security/vulnerabilities_20.html

httpd.apache.org/security/vulnerabilities_22.html

lists.vmware.com/pipermail/security-announce/2010/000105.html

secunia.com/advisories/38978

secunia.com/advisories/39628

svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870

svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870

svn.apache.org/viewvc?view=revision&revision=917870

www-01.ibm.com/support/docview.wss?uid=swg1PM09447

www-01.ibm.com/support/docview.wss?uid=swg1PM12247

www.kb.cert.org/vuls/id/280613

www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

www.securityfocus.com/bid/38494

www.securitytracker.com/id?1023701

www.senseofsecurity.com.au/advisories/SOS-10-002

www.vmware.com/security/advisories/VMSA-2010-0014.html

www.vupen.com/english/advisories/2010/0634

www.vupen.com/english/advisories/2010/0994

exchange.xforce.ibmcloud.com/vulnerabilities/56624

lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439

www.exploit-db.com/exploits/11650

Social References

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Related for CVE-2010-0425

seebug3 exploitdb2 cert1 checkpoint_advisories1 securityvulns3 httpd2 debiancve1 packetstorm1 exploitpack1 prion1 ubuntucve1 nessus8 openvas5 slackware1 altlinux3 vmware2 oracle1