CVE-2010-0408

Published: 05/03/2010 Updated: 01/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 449
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x prior to 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote malicious users to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

Vulnerable Product

apache http server 2.2

apache http server 2.2.11

apache http server 2.2.0

apache http server 2.2.13

apache http server 2.2.2

apache http server 2.2.4

apache http server 2.2.8

apache http server 2.2.14

apache http server 2.2.6

apache http server 2.2.9

apache http server 2.2.12

apache http server 2.2.3

Vendor Advisories

Synopsis Moderate: httpd security and enhancement update Type/Severity Security Advisory: Moderate Topic Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate secur ...
It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn’t send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408) ...
Debian Bug report logs - #533661 "slowloris" denial-of-service vulnerability Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2 (PTS, buildd, popcon) Reported by: Michael S Gilbert <michaelsgilbert@gmail.com> Date: Fri, 19 Jun 20 ...
Two issues have been found in the Apache HTTPD web server: CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010 ...

Github Repositories

Automatically exported from code.google.com/p/vulnerability-check

This simple script uses open source software (nmap, vFeed and DPE) and performs almost the same task as Nessus or AVDS. vFeed - Aggregated Vulnerability Database - www.toolswatch.org/vfeed/ DPE - Default Password Enumeration - www.toolswatch.org/dpe/ Install Debian/Ubuntu required packages: $ sudo apt-get install nmap python2.7 php5-cli php5-sqlite -y

Forked and customised enum tool for pentesters.

ReconScan: The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

Network reconnaissance and vulnerability assessment tools.

This repository is used for learning

A python tool to quickly analyze all IPs and see which ones have open ports and vulnerabilities

Strike: A python tool to quickly analyze all IPs and see which ones have open ports and vulnerabilities. Installation: apt-get install python3 git clone github.com/SecureAxom/strike cd strike pip3 install -r requirements.txt python3 strike.py Usages: python3 strike.py -h python3 strike.py -t 20891

Homework for the lesson "Vulnerabilities and attacks on information systems" - Mikhail Sergeevich Nikulin. Task 1 ┌──(kali㉿kali)-[~] └─$ nmap -A --script vulnersnse 1921680169 Starting Nmap 793 ( nmaporg ) at 2023-04-10 13:43 EDT Nmap scan report for 192

Homework for the lesson "131 «Vulnerabilities and attacks on information systems»" - Igor Zhivarev. Task 1. Allowed network services: Vulnerabilities discovered during aggressive scanning: Discov

whitehat nmap -sV --script vuln 192168123162 output Starting Nmap 793 ( nmaporg ) at 2022-12-25 15:11 EST Pre-scan script results: | broadcast-avahi-dos: | Discovered hosts: | 22400251 | After NULL UDP avahi packet DoS (CVE-2011-1002) |_ Hosts are all up (not vulnerable) Nmap scan report for 192168123162 Host is up (000025s latency) Not shown: 97

Homework for the lesson 131 «Vulnerabilities and attacks on information systems» — Aleksandr Gumlevoy. Task 1. Download and install the Metasploitable virtual machine: sourceforge.net/projects/metasploitable/ This is a typical

Task 1. Download and install the Metasploitable virtual machine: sourceforge.net/projects/metasploitable/ This is a typical OS for experiments in the field of information security, which is where one should start when analyzing vulnerabilit

Nmap-Scans-M2 Description: This project is split into three repositories where this repository will provide the documentation of performing necessary Nmap scans to identify the vulnerabilities (CVEs) which are present in the targeted virtual machine. The Kali Linux distro is utilized to perform the network scans. Nmap is a powerful open source security auditing and network sca
