CVE-2010-0425

Опубликовано: 05 мар. 2010

Источник: nvd

CVSS2: 10

EPSS Высокий

Описание

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

Ссылки

http://httpd.apache.org/security/vulnerabilities_20.html
Vendor Advisory
http://httpd.apache.org/security/vulnerabilities_22.html
Vendor Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Broken Link
http://secunia.com/advisories/38978
Broken Link
http://secunia.com/advisories/39628
Broken Link
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870
Permissions Required
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=917870
Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
Third Party Advisory
http://www.kb.cert.org/vuls/id/280613
Third Party Advisory
US Government Resource
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Third Party Advisory
http://www.securityfocus.com/bid/38494
Broken Link
Exploit
http://www.securitytracker.com/id?1023701
Broken Link
http://www.senseofsecurity.com.au/advisories/SOS-10-002
Third Party Advisory
URL Repurposed
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0634
Broken Link
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0994
Broken Link
Issue Tracking
Mailing List
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56624
Third Party Advisory
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Issue Tracking
Mailing List

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:z\/os:*:*

Версия от 6.1 (включая) до 6.1.0.31 (исключая)

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.0.37 (включая) до 2.0.64 (исключая)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.2.0 (включая) до 2.2.15 (исключая)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.3.0 (включая) до 2.3.7 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:ibm:http_server:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.37:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.0.2.39:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:http_server:6.1.0.29:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:oracle:http_server:10.1.3.5.0:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:broadcom:vmware_ace_management_server:*:*:*:*:*:*:*:*

Версия до 2.7.2 (исключая)

EPSS

Процентиль: 99%

0.86822

Высокий

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2010-0425

ubuntu

почти 16 лет назад

CVE-2010-0425

debian

почти 16 лет назад

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...

GHSA-wv6c-mphw-ggxf

github

больше 3 лет назад

SUSE-SU-2017:2907-1

suse-cvrf

около 8 лет назад

Security update for apache2

EPSS

Процентиль: 99%

0.86822

Высокий

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo