
CVE-2010-0010

CVSSv4: NA | CVSSv3: NA | CVSSv2: 6.8 | VMScore: 780 | EPSS: 0.94887 | KEV: Not Included
Published: 02/02/2010 Updated: 21/11/2024

Vulnerability Summary

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server prior to 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

Vulnerable Product

apache http server

apache http server 0.8.11

apache http server 0.8.14

apache http server 1.0

apache http server 1.0.3

apache http server 1.0.5

apache http server 1.1

apache http server 1.2

apache http server 1.2.4

apache http server 1.2.5

apache http server 1.2.6

apache http server 1.3

apache http server 1.3.0

apache http server 1.3.1

apache http server 1.3.2

apache http server 1.3.3

apache http server 1.3.4

apache http server 1.3.10

apache http server 1.3.11

apache http server 1.3.12

apache http server 1.3.13

apache http server 1.3.14

apache http server 1.3.15

apache http server 1.3.17

apache http server 1.3.18

apache http server 1.3.19

apache http server 1.3.20

apache http server 1.3.22

apache http server 1.3.23

apache http server 1.3.24

apache http server 1.3.25

apache http server 1.3.26

apache http server 1.3.27

apache http server 1.3.28

apache http server 1.3.29

apache http server 1.3.30

apache http server 1.3.31

apache http server 1.3.32

apache http server 1.3.33

apache http server 1.3.34

apache http server 1.3.35

apache http server 1.3.36

apache http server 1.3.37

apache http server 1.3.38

apache http server 1.3.39

apache http server 1.3.40

References

CWE-189

https://nvd.nist.gov

https://www.first.org/epss

http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0589.html

http://blog.pi3.com.pl/?p=69

http://httpd.apache.org/dev/dist/CHANGES_1.3.42

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://packetstormsecurity.org/1001-exploits/modproxy-overflow.txt

http://secunia.com/advisories/38319

http://secunia.com/advisories/39656

http://site.pi3.com.pl/adv/mod_proxy.txt

http://www.securityfocus.com/archive/1/509185/100/0/threaded

http://www.securityfocus.com/bid/37966

http://www.securitytracker.com/id?1023533

http://www.vupen.com/english/advisories/2010/0240

http://www.vupen.com/english/advisories/2010/1001

https://exchange.xforce.ibmcloud.com/vulnerabilities/55941

https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7923