10

CVE-2010-0425

Exploit

EPSS 86.82%
Published 05.03.2010 19:30:00
Last modified 24.07.2025 17:43:53
Source secalert@redhat.com
Teams watchlist Login
Open Login

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

Affected products Warnungen 0 Metrics 2 CWE 0 References 45

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Websphere Application Server SwPlatformz/os Version >= 6.1 < 6.1.0.31

Apache ≫ HTTP Server Version >= 2.0.37 < 2.0.64

Microsoft ≫ Windows Version-

Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.15

Microsoft ≫ Windows Version-

Apache ≫ HTTP Server Version >= 2.3.0 < 2.3.7

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.1

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.3

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.7

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.9

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.11

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.13

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.15

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.19

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.21

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.23

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.25

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.27

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.29

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.31

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.33

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.35

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.37

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.0.2.39

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.2

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.3

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.5

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.7

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.9

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.11

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.13

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.15

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.17

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.19

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.21

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.23

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.25

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.27

Microsoft ≫ Windows Version-

Ibm ≫ HTTP Server Version6.1.0.29

Microsoft ≫ Windows Version-

Oracle ≫ HTTP Server Version10.1.3.5.0

Broadcom ≫ Vmware Ace Management Server Version < 2.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	86.82%	0.994

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Third Party Advisory

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

http://httpd.apache.org/security/vulnerabilities_22.html

Vendor Advisory

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

http://httpd.apache.org/security/vulnerabilities_20.html

Vendor Advisory

https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E

Mailing List

Issue Tracking

http://secunia.com/advisories/39628

Broken Link

http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

Third Party Advisory

http://www.vupen.com/english/advisories/2010/0994

Vendor Advisory

Broken Link

Mailing List

Issue Tracking

http://lists.vmware.com/pipermail/security-announce/2010/000105.html

Broken Link

http://www.vmware.com/security/advisories/VMSA-2010-0014.html

Third Party Advisory

http://secunia.com/advisories/38978

Broken Link

http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870

Permissions Required

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870

Permissions Required

http://svn.apache.org/viewvc?view=revision&revision=917870

Permissions Required

http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447

Third Party Advisory

http://www.kb.cert.org/vuls/id/280613

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/38494

Exploit

Broken Link

http://www.securitytracker.com/id?1023701

Broken Link

http://www.senseofsecurity.com.au/advisories/SOS-10-002

Third Party Advisory

URL Repurposed

http://www.vupen.com/english/advisories/2010/0634

Vendor Advisory

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/56624

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439

Broken Link

https://www.exploit-db.com/exploits/11650

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-0425

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0425

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0425

EUVD