5

CVE-2010-0408

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.2
ApacheHTTP Server Version2.2.0
ApacheHTTP Server Version2.2.2
ApacheHTTP Server Version2.2.3
ApacheHTTP Server Version2.2.4
ApacheHTTP Server Version2.2.6
ApacheHTTP Server Version2.2.8
ApacheHTTP Server Version2.2.9
ApacheHTTP Server Version2.2.11
ApacheHTTP Server Version2.2.12
ApacheHTTP Server Version2.2.13
ApacheHTTP Server Version2.2.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.79% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory
Broken Link
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
http://httpd.apache.org/security/vulnerabilities_22.html
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Mailing List
http://support.apple.com/kb/HT4435
Broken Link
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=127557640302499&w=2
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Third Party Advisory
http://secunia.com/advisories/39656
URL Repurposed
http://www.vupen.com/english/advisories/2010/1001
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/39628
URL Repurposed
http://secunia.com/advisories/39632
URL Repurposed
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0994
Broken Link
http://secunia.com/advisories/39100
URL Repurposed
http://secunia.com/advisories/39501
URL Repurposed
http://secunia.com/advisories/40096
URL Repurposed
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876
Patch
Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=917876
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
Third Party Advisory
http://www.debian.org/security/2010/dsa-2035
Third Party Advisory
VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2010:053
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0168.html
Broken Link
http://www.securityfocus.com/bid/38491
Broken Link
http://www.vupen.com/english/advisories/2010/0911
Broken Link
http://www.vupen.com/english/advisories/2010/1057
Broken Link
http://www.vupen.com/english/advisories/2010/1411
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=569905
Third Party Advisory
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8619
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9935
Broken Link