CVE-2010-0434

Published: 05/03/2010 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 474
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x prior to 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote malicious users to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

Vulnerable Products

Apache HTTP Server

Fedora Project: Fedora 11

Fedora Project: Fedora 13

Debian: Debian Linux 5.0

Debian: Debian Linux 6.0

Vendor Advisories

Synopsis: Low: httpd security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low sec ...

Synopsis: Moderate: httpd security and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate secur ...

Debian Bug report logs - #533661: "slowloris" denial-of-service vulnerability. Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2 (PTS, buildd, popcon). Reported by: Michael S. Gilbert <michaelsgilbert@gmail.com>. Date: Fri, 19 Jun 20 ...

It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2010-0408) ...

Two issues have been found in the Apache HTTPD web server: CVE-2010-0408: mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010 ...

References

CWE-200
http://svn.apache.org/viewvc?view=revision&revision=918427
https://bugzilla.redhat.com/show_bug.cgi?id=570171
http://www.securityfocus.com/bid/38494
http://svn.apache.org/viewvc?view=revision&revision=917867
https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
http://httpd.apache.org/security/vulnerabilities_22.html
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?r1=917617&r2=917867&pathrev=917867&diff_format=h
http://www.redhat.com/support/errata/RHSA-2010-0168.html
http://www.redhat.com/support/errata/RHSA-2010-0175.html
http://secunia.com/advisories/39628
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39501
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
http://www.vupen.com/english/advisories/2010/1057
http://secunia.com/advisories/39632
http://www.vupen.com/english/advisories/2010/0911
http://www.vupen.com/english/advisories/2010/0994
http://www.debian.org/security/2010/dsa-2035
http://www.vupen.com/english/advisories/2010/1001
http://secunia.com/advisories/39656
http://secunia.com/advisories/40096
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939
http://www.vupen.com/english/advisories/2010/1411
http://secunia.com/advisories/39100
http://secunia.com/advisories/39115
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://support.apple.com/kb/HT4435
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://marc.info/?l=bugtraq&m=127557640302499&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/56625
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10358
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2010:0175
https://usn.ubuntu.com/908-1/