CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.8%
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and “orphaned callback pointers.”
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | 2.3.0 | cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:* |
apache | http_server | 2.3.1 | cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:* |
apache | http_server | 2.3.2 | cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:* |
apache | http_server | 2.3.3 | cpe:2.3:a:apache:http_server:2.3.3:*:*:*:*:*:*:* |
apache | http_server | 2.3.4 | cpe:2.3:a:apache:http_server:2.3.4:*:*:*:*:*:*:* |
apache | http_server | 2.3.5 | cpe:2.3:a:apache:http_server:2.3.5:*:*:*:*:*:*:* |
apache | http_server | 2.3.6 | cpe:2.3:a:apache:http_server:2.3.6:*:*:*:*:*:*:* |
microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
apache | http_server | 2.0.9 | cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:* |
apache | http_server | 2.0.28 | cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:* |
httpd.apache.org/security/vulnerabilities_20.html
httpd.apache.org/security/vulnerabilities_22.html
lists.vmware.com/pipermail/security-announce/2010/000105.html
secunia.com/advisories/38978
secunia.com/advisories/39628
svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870
svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870
svn.apache.org/viewvc?view=revision&revision=917870
www-01.ibm.com/support/docview.wss?uid=swg1PM09447
www-01.ibm.com/support/docview.wss?uid=swg1PM12247
www.kb.cert.org/vuls/id/280613
www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
www.securityfocus.com/bid/38494
www.securitytracker.com/id?1023701
www.senseofsecurity.com.au/advisories/SOS-10-002
www.vmware.com/security/advisories/VMSA-2010-0014.html
www.vupen.com/english/advisories/2010/0634
www.vupen.com/english/advisories/2010/0994
exchange.xforce.ibmcloud.com/vulnerabilities/56624
lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439
www.exploit-db.com/exploits/11650