10 matches found
CVE-2010-0425
CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...
CVE-2010-0408
CVE-2010-0408 affects the Apache HTTP Server 2.2.x prior to 2.2.15. The ap_proxy_ajp_request function in mod_proxy_ajp.c mishandles requests when a client sends no request body, allowing remote attackers to trigger a denial of service (backend server outage) by crafting a request. The issue is re...
CVE-2010-1452
CVE-2010-1452 affects Apache HTTP Server 2.2.x (before 2.2.16) via the mod_cache and mod_dav components. A request that lacks a path can crash the server, causing a denial of service. Debian advisories and related vendor notes confirm the issue and describe fixes/upgrades to 2.2.16 (and subsequen...
CVE-2010-2068
CVE-2010-2068 affects Apache HTTP ServerAffected: mod_proxy_http.c in Apache HTTP Server 2.2.9–2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, OS/2 in certain proxy worker pool configurations.Root cause: timeout handling in mod_proxy_http did not correctly detect timeouts, allowing a re...
CVE-2010-0434
CVE-2010-0434 affects the Apache HTTP Server 2.2.x series (pre-2.2.15) where the ap_read_request handling in server/protocol.c for multithreaded MPMs could disclose memory contents by accessing headers of subrequests tied to an earlier request. Public sources in connected docs (e.g., Debian secur...
CVE-2010-1623
The CVE-2010-1623 issue affects the APR-util library (apr_brigade_split_line in buckets/apr_brigade.c) prior to version 1.3.10, where a memory leak can allow remote attackers to cause denial of service through memory consumption related to APR bucket destruction. Affected products commonly includ...
CVE-2010-0010
The CVE-2010-0010 issue affects Apache HTTP Server’s mod_proxy (proxy_util.c) on 64-bit platforms. The root cause is an integer overflow in the ap_proxy_send_fb function when handling large chunk sizes, which can trigger a heap-based buffer overflow. This condition enables a remote origin server ...
CVE-2010-2791
The CVE-2010-2791 issue affects Apache HTTP Server 2.2.x on Unix, where mod_proxy in httpd can fail to close the backend connection after a timeout while reading from a persistent connection. This can allow a remote attacker to obtain a potentially sensitive response intended for another client u...
CVE-2003-1580
The CVE-2003-1580 issue affects Apache HTTP Server 2.0.44 when DNS resolution is enabled for client IPs. The vulnerability arises from a logging format that does not indicate whether a dotted-quad IP address is unresolved, which can allow remote attackers to spoof IP addresses by sending crafted ...
CVE-2003-1581
CVE-2003-1581 affects Apache HTTP Server 2.0.44: when DNS resolution is enabled for client IPs, remote attackers can inject arbitrary text into log files via an HTTP request paired with a crafted DNS response, demonstrated as XSS sequences (Inverse Lookup Log Corruption). The connected sources co...