10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and “orphaned callback pointers.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | apache2 | < 2.4.57-2 | apache2_2.4.57-2_all.deb |
Debian | 11 | all | apache2 | < 2.4.56-1~deb11u2 | apache2_2.4.56-1~deb11u2_all.deb |
Debian | 10 | all | apache2 | < 2.4.38-3+deb10u8 | apache2_2.4.38-3+deb10u8_all.deb |
Debian | 999 | all | apache2 | < 2.4.59-1 | apache2_2.4.59-1_all.deb |
Debian | 13 | all | apache2 | < 2.4.58-1 | apache2_2.4.58-1_all.deb |