CVE-2010-0434

2010-03-0500:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

The ap_read_request function in server/protocol.c in the Apache HTTP Server
2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly
handle headers in subrequests in certain circumstances involving a parent
request that has a body, which might allow remote attackers to obtain
sensitive information via a crafted request that triggers access to memory
locations associated with an earlier request.

Bugs

<https://issues.apache.org/bugzilla/show_bug.cgi?id=48359>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchapache2< 2.0.55-4ubuntu2.10UNKNOWN
ubuntu8.04noarchapache2< 2.2.8-1ubuntu0.15UNKNOWN
ubuntu8.10noarchapache2< 2.2.9-7ubuntu3.6UNKNOWN
ubuntu9.04noarchapache2< 2.2.11-2ubuntu2.6UNKNOWN
ubuntu9.10noarchapache2< 2.2.12-1ubuntu2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	apache2	< 2.0.55-4ubuntu2.10	UNKNOWN
ubuntu	8.04	noarch	apache2	< 2.2.8-1ubuntu0.15	UNKNOWN
ubuntu	8.10	noarch	apache2	< 2.2.9-7ubuntu3.6	UNKNOWN
ubuntu	9.04	noarch	apache2	< 2.2.11-2ubuntu2.6	UNKNOWN
ubuntu	9.10	noarch	apache2	< 2.2.12-1ubuntu2.2	UNKNOWN