10

CVE-2010-0425

Exploit
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.0.37 < 2.0.64
   MicrosoftWindows Version-
ApacheHTTP Server Version >= 2.2.0 < 2.2.15
   MicrosoftWindows Version-
ApacheHTTP Server Version >= 2.3.0 < 2.3.7
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.1
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.3
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.7
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.9
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.11
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.13
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.15
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.19
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.21
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.23
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.25
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.27
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.29
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.31
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.33
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.35
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.37
   MicrosoftWindows Version-
IbmHTTP Server Version6.0.2.39
   MicrosoftWindows Version-
IbmHTTP Server Version6.1
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.2
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.3
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.5
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.7
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.9
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.11
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.13
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.15
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.17
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.19
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.21
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.23
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.25
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.27
   MicrosoftWindows Version-
IbmHTTP Server Version6.1.0.29
   MicrosoftWindows Version-
OracleHTTP Server Version10.1.3.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.25% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
http://httpd.apache.org/security/vulnerabilities_22.html
Vendor Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
http://httpd.apache.org/security/vulnerabilities_20.html
Vendor Advisory
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
Mailing List
Issue Tracking
http://secunia.com/advisories/39628
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0994
Vendor Advisory
Broken Link
Mailing List
Issue Tracking
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Broken Link
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Third Party Advisory
http://secunia.com/advisories/38978
Broken Link
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870
Permissions Required
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870
Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=917870
Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447
Third Party Advisory
http://www.kb.cert.org/vuls/id/280613
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/38494
Exploit
Broken Link
http://www.securitytracker.com/id?1023701
Broken Link
http://www.senseofsecurity.com.au/advisories/SOS-10-002
Third Party Advisory
URL Repurposed
http://www.vupen.com/english/advisories/2010/0634
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/56624
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439
Broken Link
https://www.exploit-db.com/exploits/11650
Third Party Advisory