Vulnerabilities > CVE-2010-0408 - Unspecified vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN apache
nessus
Summary
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Vulnerable Configurations
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0168.NASL description Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an last seen 2020-06-01 modified 2020-06-02 plugin id 45367 published 2010-03-29 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45367 title CentOS 5 : httpd (CESA-2010:0168) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0168.NASL description From Red Hat Security Advisory 2010:0168 : Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an last seen 2020-06-01 modified 2020-06-02 plugin id 68022 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68022 title Oracle Linux 5 : httpd (ELSA-2010-0168) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_5.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar last seen 2020-06-01 modified 2020-06-02 plugin id 50548 published 2010-11-10 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50548 title Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities NASL family Web Servers NASL id APACHE_2_2_15.NASL description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555) - The last seen 2020-06-01 modified 2020-06-02 plugin id 45004 published 2010-10-20 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45004 title Apache 2.2.x < 2.2.15 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_2_APACHE2-100413.NASL description When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). last seen 2020-06-01 modified 2020-06-02 plugin id 46011 published 2010-04-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46011 title openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-25.NASL description The remote host is affected by the vulnerability described in GLSA-201206-25 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59678 published 2012-06-25 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59678 title GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2035.NASL description Two issues have been found in the Apache HTTPD web server : - CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. - CVE-2010-0434 A flaw in the core subrequest process code was found, which could lead to a daemon crash (segfault) or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers. last seen 2020-06-01 modified 2020-06-02 plugin id 45557 published 2010-04-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45557 title Debian DSA-2035-1 : apache2 - multiple issues NASL family Fedora Local Security Checks NASL id FEDORA_2010-5942.NASL description The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ( last seen 2020-06-01 modified 2020-06-02 plugin id 47408 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47408 title Fedora 13 : httpd-2.2.15-1.fc13 (2010-5942) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-908-1.NASL description It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn last seen 2020-06-01 modified 2020-06-02 plugin id 45037 published 2010-03-11 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45037 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : apache2 vulnerabilities (USN-908-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2010-067-01.NASL description New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems] last seen 2020-06-01 modified 2020-06-02 plugin id 45007 published 2010-03-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45007 title Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01) NASL family SuSE Local Security Checks NASL id SUSE_11_1_APACHE2-100413.NASL description When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). last seen 2020-06-01 modified 2020-06-02 plugin id 46009 published 2010-04-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46009 title openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-6055.NASL description The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ( last seen 2020-06-01 modified 2020-06-02 plugin id 47412 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47412 title Fedora 12 : httpd-2.2.15-1.fc12.2 (2010-6055) NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-6984.NASL description The following bugs have been fixed : When using a multi-threaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp. (CVE-2010-0408) last seen 2020-06-01 modified 2020-06-02 plugin id 46013 published 2010-04-27 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46013 title SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6984) NASL family Fedora Local Security Checks NASL id FEDORA_2010-6131.NASL description The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ( last seen 2020-06-01 modified 2020-06-02 plugin id 47417 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47417 title Fedora 11 : httpd-2.2.15-1.fc11.1 (2010-6131) NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-6987.NASL description The following bugs have been fixed : When using a multi-threaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp. (CVE-2010-0408) last seen 2020-06-01 modified 2020-06-02 plugin id 49827 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49827 title SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6987) NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-100413.NASL description The following bugs have been fixed : - When using a multithreaded MPM Apache could leak memory of requests handled by a different thread when processing subrequests. (CVE-2010-0434) - Specially crafted requests could crash mod_proxy_ajp. (CVE-2010-0408) last seen 2020-06-01 modified 2020-06-02 plugin id 50889 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50889 title SuSE 11 Security Update : Apache 2 (SAT Patch Number 2293) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0168.NASL description Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an last seen 2020-06-01 modified 2020-06-02 plugin id 46279 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46279 title RHEL 5 : httpd (RHSA-2010:0168) NASL family Scientific Linux Local Security Checks NASL id SL_20100325_HTTPD_ON_SL5_X.NASL description CVE-2010-0408 httpd: mod_proxy_ajp remote temporary DoS CVE-2010-0434 httpd: request header information leak It was discovered that mod_proxy_ajp incorrectly returned an last seen 2020-06-01 modified 2020-06-02 plugin id 60754 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60754 title Scientific Linux Security Update : httpd on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_0_APACHE2-100413.NASL description When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). last seen 2020-06-01 modified 2020-06-02 plugin id 46006 published 2010-04-27 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46006 title openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-053.NASL description A vulnerability has been found and corrected in apache : mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR (CVE-2010-0408). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 44963 published 2010-03-03 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44963 title Mandriva Linux Security Advisory : apache (MDVSA-2010:053)
Oval
accepted 2014-07-14T04:01:30.549-04:00 class vulnerability contributors name J. Daniel Brown organization DTCC name Mike Lah organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Apache HTTP Server 2.2.x is installed on the system oval oval:org.mitre.oval:def:8550 description The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. family windows id oval:org.mitre.oval:def:8619 status accepted submitted 2010-03-08T17:30:00.000-05:00 title Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability version 11 accepted 2013-04-29T04:23:26.979-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. family unix id oval:org.mitre.oval:def:9935 status accepted submitted 2010-07-09T03:56:16-04:00 title The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. version 18
Redhat
advisories |
| ||||
rpms |
|
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:053
- http://svn.apache.org/viewvc?view=revision&revision=917876
- http://httpd.apache.org/security/vulnerabilities_22.html
- http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876
- https://bugzilla.redhat.com/show_bug.cgi?id=569905
- http://www.securityfocus.com/bid/38491
- http://www.redhat.com/support/errata/RHSA-2010-0168.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
- http://secunia.com/advisories/39628
- http://www.vupen.com/english/advisories/2010/1001
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
- http://www.debian.org/security/2010/dsa-2035
- http://www.vupen.com/english/advisories/2010/1057
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
- http://secunia.com/advisories/39656
- http://www.vupen.com/english/advisories/2010/0911
- http://secunia.com/advisories/39501
- http://secunia.com/advisories/39632
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
- http://www.vupen.com/english/advisories/2010/0994
- http://secunia.com/advisories/40096
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
- http://www.vupen.com/english/advisories/2010/1411
- http://secunia.com/advisories/39100
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://support.apple.com/kb/HT4435
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://marc.info/?l=bugtraq&m=127557640302499&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9935
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8619
- https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E