Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-0434

Опубликовано: 05 мар. 2010
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 2.0.35 (включая) до 2.0.64 (исключая)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 2.2.0 (включая) до 2.2.15 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%
0.02554
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2010-0434

ubuntu
больше 15 лет назад

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

redhat логотип

CVE-2010-0434

redhat
больше 15 лет назад

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

debian логотип

CVE-2010-0434

debian
больше 15 лет назад

The ap_read_request function in server/protocol.c in the Apache HTTP S ...

github логотип

GHSA-jm28-fmm3-4cr6

github
около 3 лет назад

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

oracle-oval логотип

ELSA-2010-0168

oracle-oval
около 15 лет назад

ELSA-2010-0168: httpd security and enhancement update (MODERATE)

EPSS

Процентиль: 85%
0.02554
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200