Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable800554.PRM
HistoryMar 08, 2010 - 12:00 a.m.

Apache < 2.2.15 Multiple Vulnerabilities

2010-03-0800:00:00
Tenable
www.tenable.com
27

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.8%

JSON

According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities :

  • A TLS renegotiation prefix attack is possible. (CVE-2009-3555)

  • The ‘mod_proxy_ajp’ module returns the wrong status code if it encounters an error which causes the back-end server to be put into an error state. (CVE-2010-0408)

  • The ‘mod_isapi’ module attempts to unload the ‘ISAPI.DLL’ when it encounters various error states which could leave call-backs in an undefined state. (CVE-2010-0425)

  • A flaw in the core sub-request process code can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded environment is used. (CVE-2010-0434)

IAVA Reference : 2011-A-0107
IAVB Reference : 2012-B-0038
STIG Finding Severity : Category I

Binary data 800554.prm

Related

nessus 53
openvas 58
fedora 9
slackware 2
debian 5
osv 1
redhat 5
oraclelinux 3
ubuntu 3
centos 4
altlinux 5
exploitdb 1
seebug 7
cert 1
checkpoint_advisories 1
securityvulns 7
httpd 5
cve 4
debiancve 3
veracode 3
ubuntucve 3
packetstorm 1
exploitpack 1
prion 3
kaspersky 1
f5 4
suse 1
hackerone 2
mozilla 1
cisco 1
fortinet 1
nessus
nessus
Apache < 2.2.15 Multiple Vulnerabilities
2010-03-08 00:00:00
Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)
2010-03-09 00:00:00
Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
2010-10-20 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2010-067-01)
2012-09-10 00:00:00
Fedora Update for httpd FEDORA-2010-6131
2010-05-07 00:00:00
Fedora Update for httpd FEDORA-2010-6055
2010-06-07 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: httpd-2.2.15-1.fc12.2
2010-05-31 18:25:29
[SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1
2010-05-04 06:06:43
[SECURITY] Fedora 13 Update: httpd-2.2.15-1.fc13
2010-04-22 22:51:41
slackware
slackware
[slackware-security] httpd
2010-03-08 22:39:33
openssl
2009-11-16 13:42:36
debian
debian
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
2010-04-17 20:58:14
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
2010-04-17 20:58:14
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
osv
osv
apache2 - several issues
2010-04-17 00:00:00
redhat
redhat
(RHSA-2010:0168) Moderate: httpd security and enhancement update
2010-03-25 00:00:00
(RHSA-2010:0396) Moderate: httpd and httpd22 security and enhancement update
2010-05-05 00:00:00
(RHSA-2010:0175) Low: httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
oraclelinux
oraclelinux
httpd security and enhancement update
2010-03-25 00:00:00
httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
openssl097a security update
2010-03-25 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2010-03-10 00:00:00
Apache vulnerability
2010-09-21 00:00:00
NSS vulnerability
2010-04-09 00:00:00
centos
centos
httpd, mod_ssl security update
2010-03-28 15:40:00
httpd, mod_ssl security update
2010-03-28 20:51:15
openssl097a security update
2010-03-27 17:44:36
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
exploitdb
exploitdb
Write-to-file Shellcode Win32
2010-07-09 00:00:00
seebug
seebug
Write-to-file Shellcode (Win32)
2014-07-01 00:00:00
Apache 2.2.x子请求处理信息泄露漏洞
2010-03-23 00:00:00
Apache 'mod_isapi' Memory Corruption Vulnerability
2010-03-17 00:00:00
cert
cert
Apache mod_isapi module library unload results in orphaned callback pointers
2010-03-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution (CVE-2010-0425)
2010-05-24 00:00:00
securityvulns
securityvulns
Apache mod_isapi uninitialized pointer function call
2010-03-11 00:00:00
Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002
2010-03-11 00:00:00
[ MDVSA-2010:057 ] apache
2010-03-09 00:00:00
httpd
httpd
Apache Httpd < 2.2.15 : mod_isapi module unload flaw
2010-02-09 00:00:00
Apache Httpd < 2.0.64 : mod_isapi module unload flaw
2010-02-09 00:00:00
Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)
2009-12-09 00:00:00
cve
cve
CVE-2010-0425
2010-03-05 19:30:00
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
debiancve
debiancve
CVE-2010-0425
2010-03-05 19:30:00
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
veracode
veracode
Information Disclosure
2020-04-10 00:47:47
Denial Of Service (DoS)
2020-04-10 00:47:47
Man-in-the-Middle (MitM)
2020-04-10 00:36:56
ubuntucve
ubuntucve
CVE-2010-0434
2010-03-05 00:00:00
CVE-2010-0425
2010-03-05 00:00:00
CVE-2010-0408
2010-03-05 00:00:00
packetstorm
packetstorm
Apache 2.2.14 mod_isapi Remote SYSTEM Exploit
2010-03-06 00:00:00
exploitpack
exploitpack
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
2010-03-07 00:00:00
prion
prion
Design/Logic Flaw
2010-03-05 19:30:00
Design/Logic Flaw
2010-03-05 19:30:00
Design/Logic Flaw
2010-03-05 16:30:00
kaspersky
kaspersky
KLA10386 Multiple vulnerabilities in VMware
2010-09-23 00:00:00
f5
f5
K40284849 : Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
SOL40284849 - Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
K52470083 : Apache vulnerability CVE-2010-0408
2015-12-23 00:00:00
suse
suse
man-in-the-middle attack in openssl
2009-11-18 09:50:39
hackerone
hackerone
LocalTapiola: Secure Client-Initiated Renegotiation
2017-12-27 15:57:52
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
fortinet
fortinet
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
2017-11-03 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.8%

JSON
Related for 800554.PRM
nessus53openvas58fedora9slackware2debian5osv1redhat5oraclelinux3ubuntu3centos4altlinux5exploitdb1seebug7cert1checkpoint_advisories1securityvulns7httpd5cve4debiancve3veracode3ubuntucve3packetstorm1exploitpack1prion3kaspersky1f54suse1hackerone2mozilla1cisco1fortinet1