6.8

CVE-2010-0010

Exploit
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version <= 1.3.41
ApacheHTTP Server Version0.8.11
ApacheHTTP Server Version0.8.14
ApacheHTTP Server Version1.0
ApacheHTTP Server Version1.0.3
ApacheHTTP Server Version1.0.5
ApacheHTTP Server Version1.1
ApacheHTTP Server Version1.2
ApacheHTTP Server Version1.2.4
ApacheHTTP Server Version1.2.5
ApacheHTTP Server Version1.2.6
ApacheHTTP Server Version1.3
ApacheHTTP Server Version1.3.0
ApacheHTTP Server Version1.3.1
ApacheHTTP Server Version1.3.2
ApacheHTTP Server Version1.3.3
ApacheHTTP Server Version1.3.4
ApacheHTTP Server Version1.3.10
ApacheHTTP Server Version1.3.11
ApacheHTTP Server Version1.3.12
ApacheHTTP Server Version1.3.13
ApacheHTTP Server Version1.3.14
ApacheHTTP Server Version1.3.15
ApacheHTTP Server Version1.3.17
ApacheHTTP Server Version1.3.18
ApacheHTTP Server Version1.3.19
ApacheHTTP Server Version1.3.20
ApacheHTTP Server Version1.3.22
ApacheHTTP Server Version1.3.23
ApacheHTTP Server Version1.3.24
ApacheHTTP Server Version1.3.25
ApacheHTTP Server Version1.3.26
ApacheHTTP Server Version1.3.27
ApacheHTTP Server Version1.3.28
ApacheHTTP Server Version1.3.29
ApacheHTTP Server Version1.3.30
ApacheHTTP Server Version1.3.31
ApacheHTTP Server Version1.3.32
ApacheHTTP Server Version1.3.33
ApacheHTTP Server Version1.3.34
ApacheHTTP Server Version1.3.35
ApacheHTTP Server Version1.3.36
ApacheHTTP Server Version1.3.37
ApacheHTTP Server Version1.3.38
ApacheHTTP Server Version1.3.39
ApacheHTTP Server Version1.3.40
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 43.42% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39656
http://www.vupen.com/english/advisories/2010/1001
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0589.html
Exploit
http://blog.pi3.com.pl/?p=69
http://httpd.apache.org/dev/dist/CHANGES_1.3.42
http://packetstormsecurity.org/1001-exploits/modproxy-overflow.txt
Exploit
http://secunia.com/advisories/38319
Vendor Advisory
http://site.pi3.com.pl/adv/mod_proxy.txt
http://www.securityfocus.com/archive/1/509185/100/0/threaded
http://www.securityfocus.com/bid/37966
Exploit
http://www.securitytracker.com/id?1023533
http://www.vupen.com/english/advisories/2010/0240
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7923