CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | apache_httpd | 2.0.63 | cpe:2.3:a:apache:apache_httpd:2.0.63:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.61 | cpe:2.3:a:apache:apache_httpd:2.0.61:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.59 | cpe:2.3:a:apache:apache_httpd:2.0.59:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.58 | cpe:2.3:a:apache:apache_httpd:2.0.58:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.55 | cpe:2.3:a:apache:apache_httpd:2.0.55:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.54 | cpe:2.3:a:apache:apache_httpd:2.0.54:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.53 | cpe:2.3:a:apache:apache_httpd:2.0.53:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.52 | cpe:2.3:a:apache:apache_httpd:2.0.52:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.51 | cpe:2.3:a:apache:apache_httpd:2.0.51:*:*:*:*:*:*:* |
apache | apache_httpd | 2.0.50 | cpe:2.3:a:apache:apache_httpd:2.0.50:*:*:*:*:*:*:* |