Lucene search

K
f5F5F5:K40284849
HistoryDec 23, 2015 - 12:00 a.m.

K40284849 : Apache vulnerability CVE-2010-0434

2015-12-2300:00:00
my.f5.com
26

8.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%

Security Advisory Description

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. (CVE-2010-0434)
Impact
An attacker may be able to obtain sensitive information by triggering access to memory locations associated with an earlier request, using a crafted request to the vulnerable system.

8.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.3%