CVE-2010-0408

Published: 05/03/2010 Updated: 01/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x prior to 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote malicious users to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

Vulnerable Products

apache http server 2.2
apache http server 2.2.0
apache http server 2.2.2
apache http server 2.2.3
apache http server 2.2.4
apache http server 2.2.6
apache http server 2.2.8
apache http server 2.2.9
apache http server 2.2.11
apache http server 2.2.12
apache http server 2.2.13
apache http server 2.2.14

Vendor Advisories

Synopsis: Moderate: httpd security and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate secur ...
Debian Bug report logs - #533661 "slowloris" denial-of-service vulnerability. Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2 (PTS, buildd, popcon). Reported by: Michael S. Gilbert <michaelsgilbert@gmail.com>. Date: Fri, 19 Jun 20 ...
It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408) ...
Two issues have been found in the Apache HTTPD web server: CVE-2010-0408: mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010 ...
