CVE-2010-3872

Published: 22/11/2010 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

Vulnerable Product

apache mod fcgid 2.3.1

apache mod fcgid 2.3.2

apache mod fcgid 2.3.4

apache mod fcgid

apache mod fcgid 2.3.3

Vendor Advisories

Debian Bug report logs - #605484: libapache2-mod-fcgid: stack overwrite vulnerability. Package: libapache2-mod-fcgid; Maintainer for libapache2-mod-fcgid is Xavier Guimard <yadd@debian.org>; Source for libapache2-mod-fcgid is src:libapache2-mod-fcgid. Reported by: John Goerzen <jgoerzen@complete.org> ...

A vulnerability has been found in Apache mod_fcgid. The Common Vulnerabilities and Exposures project identifies the following problem: CVE-2010-3872: A stack overflow could allow an untrusted FCGI application to cause a server crash or possibly to execute arbitrary code as the user running the web server. For the stable distribution (lenny), ...