Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2035-1
HistoryApr 17, 2010 - 12:00 a.m.

apache2 - several issues

2010-04-1700:00:00
Google
osv.dev
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

90.4%

JSON

Two issues have been found in the Apache HTTPD web server:

  • CVE-2010-0408
    mod_proxy_ajp would return the wrong status code if it encountered an
    error, causing a backend server to be put into an error state until the
    retry timeout expired. A remote attacker could send malicious requests
    to trigger this issue, resulting in denial of service.
  • CVE-2010-0434
    A flaw in the core subrequest process code was found, which could lead
    to a daemon crash (segfault) or disclosure of sensitive information
    if the headers of a subrequest were modified by modules such as
    mod_headers.

For the stable distribution (lenny), these problems have been fixed in
version 2.2.9-10+lenny7.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.2.15-1.

This advisory also provides updated apache2-mpm-itk packages which
have been recompiled against the new apache2 packages.

We recommend that you upgrade your apache2 and apache2-mpm-itk packages.

Related

debian 2
nessus 30
redhat 3
openvas 34
centos 2
oraclelinux 2
ubuntu 1
fedora 3
veracode 2
seebug 1
ubuntucve 2
securityvulns 6
prion 2
httpd 3
kaspersky 2
f5 4
debiancve 2
cve 2
slackware 1
gentoo 1
altlinux 3
vmware 2
oracle 2
debian
debian
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
2010-04-17 20:58:14
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
2010-04-17 20:58:14
nessus
nessus
Scientific Linux Security Update : httpd on SL5.x i386/x86_64
2012-08-01 00:00:00
RHEL 5 : httpd (RHSA-2010:0168)
2010-05-11 00:00:00
openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1)
2010-04-27 00:00:00
redhat
redhat
(RHSA-2010:0396) Moderate: httpd and httpd22 security and enhancement update
2010-05-05 00:00:00
(RHSA-2010:0168) Moderate: httpd security and enhancement update
2010-03-25 00:00:00
(RHSA-2010:0175) Low: httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
openvas
openvas
Ubuntu Update for apache2 vulnerabilities USN-908-1
2010-03-12 00:00:00
RedHat Update for httpd RHSA-2010:0168-01
2010-03-31 00:00:00
CentOS Update for httpd CESA-2010:0168 centos5 i386
2011-08-09 00:00:00
centos
centos
httpd, mod_ssl security update
2010-03-28 15:40:00
httpd, mod_ssl security update
2010-03-28 20:51:15
oraclelinux
oraclelinux
httpd security and enhancement update
2010-03-25 00:00:00
httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2010-03-10 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: httpd-2.2.15-1.fc12.2
2010-05-31 18:25:29
[SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1
2010-05-04 06:06:43
[SECURITY] Fedora 13 Update: httpd-2.2.15-1.fc13
2010-04-22 22:51:41
veracode
veracode
Information Disclosure
2020-04-10 00:47:47
Denial Of Service (DoS)
2020-04-10 00:47:47
seebug
seebug
Apache 2.2.x子请求处理信息泄露漏洞
2010-03-23 00:00:00
ubuntucve
ubuntucve
CVE-2010-0434
2010-03-05 00:00:00
CVE-2010-0408
2010-03-05 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:057 ] apache
2010-03-09 00:00:00
Apache HTTPD information leak
2010-03-09 00:00:00
Apple Mac OS X and QuickTime multiple security vulnerabilities
2013-11-18 00:00:00
prion
prion
Design/Logic Flaw
2010-03-05 19:30:00
Design/Logic Flaw
2010-03-05 16:30:00
httpd
httpd
Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)
2009-12-09 00:00:00
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
2009-12-09 00:00:00
Apache Httpd < 2.2.15 : mod_proxy_ajp DoS
2010-02-02 00:00:00
kaspersky
kaspersky
KLA10386 Multiple vulnerabilities in VMware
2010-09-23 00:00:00
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
f5
f5
K40284849 : Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
SOL40284849 - Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
K52470083 : Apache vulnerability CVE-2010-0408
2015-12-23 00:00:00
debiancve
debiancve
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
cve
cve
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
slackware
slackware
[slackware-security] httpd
2010-03-08 22:39:33
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
vmware
vmware
VMware Workstation, Player, and ACE address several security issues.
2010-09-23 00:00:00
VMware Workstation, Player, and ACE address several security issues.
2010-09-23 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
Oracle Critical Patch Update - April 2013
2013-04-16 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

90.4%

JSON
Related for OSV:DSA-2035-1
debian2nessus30redhat3openvas34centos2oraclelinux2ubuntu1fedora3veracode2seebug1ubuntucve2securityvulns6prion2httpd3kaspersky2f54debiancve2cve2slackware1gentoo1altlinux3vmware2oracle2