Lucene search

K
httpdApache Team FoundationHTTPD:8E1B3D4ADB8B28F84F3DE712A3E33040
HistoryFeb 09, 2010 - 12:00 a.m.

Apache Httpd < 2.0.64 : mod_isapi module unload flaw

2010-02-0900:00:00
Apache Team Foundation
httpd.apache.org
20

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.971

Percentile

99.8%

A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.0.63
OR
apacheapache_httpdMatch2.0.61
OR
apacheapache_httpdMatch2.0.59
OR
apacheapache_httpdMatch2.0.58
OR
apacheapache_httpdMatch2.0.55
OR
apacheapache_httpdMatch2.0.54
OR
apacheapache_httpdMatch2.0.53
OR
apacheapache_httpdMatch2.0.52
OR
apacheapache_httpdMatch2.0.51
OR
apacheapache_httpdMatch2.0.50
OR
apacheapache_httpdMatch2.0.49
OR
apacheapache_httpdMatch2.0.48
OR
apacheapache_httpdMatch2.0.47
OR
apacheapache_httpdMatch2.0.46
OR
apacheapache_httpdMatch2.0.45
OR
apacheapache_httpdMatch2.0.44
OR
apacheapache_httpdMatch2.0.43
OR
apacheapache_httpdMatch2.0.42
OR
apacheapache_httpdMatch2.0.40
OR
apacheapache_httpdMatch2.0.39
OR
apacheapache_httpdMatch2.0.37
VendorProductVersionCPE
apacheapache_httpd2.0.63cpe:2.3:a:apache:apache_httpd:2.0.63:*:*:*:*:*:*:*
apacheapache_httpd2.0.61cpe:2.3:a:apache:apache_httpd:2.0.61:*:*:*:*:*:*:*
apacheapache_httpd2.0.59cpe:2.3:a:apache:apache_httpd:2.0.59:*:*:*:*:*:*:*
apacheapache_httpd2.0.58cpe:2.3:a:apache:apache_httpd:2.0.58:*:*:*:*:*:*:*
apacheapache_httpd2.0.55cpe:2.3:a:apache:apache_httpd:2.0.55:*:*:*:*:*:*:*
apacheapache_httpd2.0.54cpe:2.3:a:apache:apache_httpd:2.0.54:*:*:*:*:*:*:*
apacheapache_httpd2.0.53cpe:2.3:a:apache:apache_httpd:2.0.53:*:*:*:*:*:*:*
apacheapache_httpd2.0.52cpe:2.3:a:apache:apache_httpd:2.0.52:*:*:*:*:*:*:*
apacheapache_httpd2.0.51cpe:2.3:a:apache:apache_httpd:2.0.51:*:*:*:*:*:*:*
apacheapache_httpd2.0.50cpe:2.3:a:apache:apache_httpd:2.0.50:*:*:*:*:*:*:*
Rows per page:
1-10 of 211

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.971

Percentile

99.8%