Lucene search

K
nvd[email protected]NVD:CVE-2010-0425
HistoryMar 05, 2010 - 7:30 p.m.

CVE-2010-0425

2010-03-0519:30:00
web.nvd.nist.gov
9

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.971

Percentile

99.8%

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and “orphaned callback pointers.”

Affected configurations

Nvd
Node
apachehttp_serverMatch2.3.0
OR
apachehttp_serverMatch2.3.1
OR
apachehttp_serverMatch2.3.2
OR
apachehttp_serverMatch2.3.3
OR
apachehttp_serverMatch2.3.4
OR
apachehttp_serverMatch2.3.5
OR
apachehttp_serverMatch2.3.6
AND
microsoftwindows
Node
apachehttp_serverMatch2.0.9
OR
apachehttp_serverMatch2.0.28
OR
apachehttp_serverMatch2.0.28beta
OR
apachehttp_serverMatch2.0.32
OR
apachehttp_serverMatch2.0.32beta
OR
apachehttp_serverMatch2.0.34beta
OR
apachehttp_serverMatch2.0.35
OR
apachehttp_serverMatch2.0.36
OR
apachehttp_serverMatch2.0.37
OR
apachehttp_serverMatch2.0.38
OR
apachehttp_serverMatch2.0.39
OR
apachehttp_serverMatch2.0.40
OR
apachehttp_serverMatch2.0.41
OR
apachehttp_serverMatch2.0.42
OR
apachehttp_serverMatch2.0.43
OR
apachehttp_serverMatch2.0.44
OR
apachehttp_serverMatch2.0.45
OR
apachehttp_serverMatch2.0.46
OR
apachehttp_serverMatch2.0.47
OR
apachehttp_serverMatch2.0.48
OR
apachehttp_serverMatch2.0.49
OR
apachehttp_serverMatch2.0.50
OR
apachehttp_serverMatch2.0.51
OR
apachehttp_serverMatch2.0.52
OR
apachehttp_serverMatch2.0.53
OR
apachehttp_serverMatch2.0.54
OR
apachehttp_serverMatch2.0.55
OR
apachehttp_serverMatch2.0.56
OR
apachehttp_serverMatch2.0.57
OR
apachehttp_serverMatch2.0.58
OR
apachehttp_serverMatch2.0.59
OR
apachehttp_serverMatch2.0.60
OR
apachehttp_serverMatch2.0.61
OR
apachehttp_serverMatch2.0.63
AND
microsoftwindows
Node
apachehttp_serverMatch-
OR
apachehttp_serverMatch2.2.0
OR
apachehttp_serverMatch2.2.1
OR
apachehttp_serverMatch2.2.2
OR
apachehttp_serverMatch2.2.3
OR
apachehttp_serverMatch2.2.4
OR
apachehttp_serverMatch2.2.6
OR
apachehttp_serverMatch2.2.7
OR
apachehttp_serverMatch2.2.8
OR
apachehttp_serverMatch2.2.9
OR
apachehttp_serverMatch2.2.10
OR
apachehttp_serverMatch2.2.11
OR
apachehttp_serverMatch2.2.12
OR
apachehttp_serverMatch2.2.13
OR
apachehttp_serverMatch2.2.14
AND
microsoftwindows
VendorProductVersionCPE
apachehttp_server2.3.0cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*
apachehttp_server2.3.1cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:*
apachehttp_server2.3.2cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:*
apachehttp_server2.3.3cpe:2.3:a:apache:http_server:2.3.3:*:*:*:*:*:*:*
apachehttp_server2.3.4cpe:2.3:a:apache:http_server:2.3.4:*:*:*:*:*:*:*
apachehttp_server2.3.5cpe:2.3:a:apache:http_server:2.3.5:*:*:*:*:*:*:*
apachehttp_server2.3.6cpe:2.3:a:apache:http_server:2.3.6:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
apachehttp_server2.0.9cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
apachehttp_server2.0.28cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
Rows per page:
1-10 of 571

References

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.971

Percentile

99.8%