CVSS2 : 10 High
Access Vector : NETWORK
Access Complexity : LOW
Authentication : NONE
Confidentiality Impact : COMPLETE
Integrity Impact : COMPLETE
Availability Impact : COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS : 0.974 High
Percentile : 99.8%
According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities:
A TLS renegotiation prefix attack is possible. (CVE-2009-3555)
The ‘mod_proxy_ajp’ module returns the wrong status code if it encounters an error, which causes the back-end server to be put into an error state. (CVE-2010-0408)
The ‘mod_isapi’ module attempts to unload the ‘ISAPI.DLL’ when it encounters various error states, which could leave call-backs in an undefined state. (CVE-2010-0425)
A flaw in the core sub-request process code can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded environment is used. (CVE-2010-0434)
IAVA Reference : 2011-A-0107
IAVB Reference : 2012-B-0038
STIG Finding Severity : Category I
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434
www.apache.org/dist/httpd/CHANGES_2.2.15
httpd.apache.org/security/vulnerabilities_22.html
issues.apache.org/bugzilla/show_bug.cgi?id=48359