Vulnerabilities > CVE-2010-0425 - Unspecified vulnerability in Apache Http Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus
exploit available
metasploit

Summary

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

Exploit-Db

  • descriptionWrite-to-file Shellcode (Win32). CVE-2010-0425. Shellcode exploits for multiple platform
    idEDB-ID:14288
    last seen2016-02-01
    modified2010-07-09
    published2010-07-09
    reporterBrett Gervasoni
    sourcehttps://www.exploit-db.com/download/14288/
    titleWrite-to-file Shellcode Win32
  • descriptionApache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit. CVE-2010-0425. Remote exploit for windows platform
    idEDB-ID:11650
    last seen2016-02-01
    modified2010-03-07
    published2010-03-07
    reporterBrett Gervasoni
    sourcehttps://www.exploit-db.com/download/11650/
    titleApache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit

Metasploit

descriptionThis module triggers a use-after-free vulnerability in the Apache Software Foundation mod_isapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally (either an aborted TCP connection or an unsatisfied chunked request), mod_isapi will unload the ISAPI extension. Later, if another request comes for that ISAPI module, previously obtained pointers will be used resulting in an access violation or potentially arbitrary code execution. Although arbitrary code execution is theoretically possible, a real-world method of invoking this consequence has not been proven. In order to do so, one would need to find a situation where a particular ISAPI module loads at an image base address that can be re-allocated by a remote attacker. Limited success was encountered using two separate ISAPI modules. In this scenario, a second ISAPI module was loaded into the same memory area as the previously unloaded module.
idMSF:AUXILIARY/DOS/HTTP/APACHE_MOD_ISAPI
last seen2020-06-14
modified1976-01-01
published1976-01-01
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/apache_mod_isapi.rb
titleApache mod_isapi Dangling Pointer

Nessus

  • NASL familyWeb Servers
    NASL idAPACHE_2_2_15.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555) - The
    last seen2020-06-01
    modified2020-06-02
    plugin id45004
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45004
    titleApache 2.2.x < 2.2.15 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(45004);
      script_cvs_date("Date: 2018/11/15 20:50:25");
      script_version("1.37");
    
      script_cve_id(
        "CVE-2007-6750",
        "CVE-2009-3555",
        "CVE-2010-0408",
        "CVE-2010-0425",
        "CVE-2010-0434"
      );
      script_bugtraq_id(21865, 36935, 38491, 38494, 38580);
      script_xref(name:"Secunia", value:"38776");
    
      script_name(english:"Apache 2.2.x < 2.2.15 Multiple Vulnerabilities");
      script_summary(english:"Checks version in Server response header.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of Apache 2.2.x running on the
    remote host is prior to 2.2.15. It is, therefore, potentially affected
    by multiple vulnerabilities :
    
      - A TLS renegotiation prefix injection attack is possible. 
        (CVE-2009-3555)
    
      - The 'mod_proxy_ajp' module returns the wrong status code
        if it encounters an error which causes the back-end 
        server to be put into an error state. (CVE-2010-0408)
    
      - The 'mod_isapi' attempts to unload the 'ISAPI.dll' when
        it encounters various error states which could leave
        call-backs in an undefined state. (CVE-2010-0425)
    
      - A flaw in the core sub-request process code can lead to
        sensitive information from a request being handled by 
        the wrong thread if a multi-threaded environment is
        used. (CVE-2010-0434)
    
      - Added 'mod_reqtimeout' module to mitigate Slowloris
        attacks. (CVE-2007-6750)"
      );
      script_set_attribute(attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_22.html");
      script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=48359");
      script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.2.15");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apache version 2.2.15 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(200, 310);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("apache_http_version.nasl");
      script_require_keys("installed_sw/Apache");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("http.inc");
    include("misc_func.inc");
    include("audit.inc");
    include("install_func.inc");
    
    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);
    
    # Check if we could get a version first, then check if it was
    # backported
    version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
    backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
    source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);
    
    # Check if the version looks like either ServerTokens Major/Minor
    # was used
    if (version =~ '^2(\\.2)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
    if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
    if (version =~ '^2\\.2' && ver_compare(ver:version, fix:'2.2.15') == -1)
    {
      if (report_verbosity > 0)
      {
        report = 
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 2.2.15\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-067-01.NASL
    descriptionNew httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems]
    last seen2020-06-01
    modified2020-06-02
    plugin id45007
    published2010-03-09
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45007
    titleSlackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2010-067-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(45007);
      script_version("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:21");
    
      script_cve_id("CVE-2009-3555", "CVE-2010-0408", "CVE-2010-0425");
      script_bugtraq_id(36935, 38491, 38494);
      script_xref(name:"SSA", value:"2010-067-01");
    
      script_name(english:"Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New httpd packages are available for Slackware 12.0, 12.1, 12.2,
    13.0, and -current to fix security issues. mod_ssl: A partial fix for
    the TLS renegotiation prefix injection attack by rejecting any
    client-initiated renegotiations. mod_proxy_ajp: Respond with
    HTTP_BAD_REQUEST when the body is not sent when request headers
    indicate a request body is incoming; not a case of
    HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll
    module until the request processing is completed, avoiding orphaned
    callback pointers. [This is the most serious flaw, but does not affect
    Linux systems]"
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.565682
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2653dddd"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected httpd package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"12.0", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;
    
    if (slackware_check(osver:"12.1", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++;
    
    if (slackware_check(osver:"12.2", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++;
    
    if (slackware_check(osver:"13.0", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
    if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWeb Servers
    NASL idORACLE_HTTP_SERVER_CPU_JUL_2013.NASL
    descriptionAccording to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied.
    last seen2020-06-01
    modified2020-06-02
    plugin id69301
    published2013-08-11
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69301
    titleOracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69301);
      script_version("1.11");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      script_cve_id(
        "CVE-2005-3352",
        "CVE-2006-5752",
        "CVE-2007-3847",
        "CVE-2007-5000",
        "CVE-2007-6388",
        "CVE-2008-2364",
        "CVE-2010-0425",
        "CVE-2010-0434",
        "CVE-2010-2068",
        "CVE-2011-0419",
        "CVE-2011-3348",
        "CVE-2012-2687"
      );
      script_bugtraq_id(
        15834,
        24645,
        25489,
        26838,
        27237,
        29653,
        38494,
        40827,
        47820,
        49616,
        55131
      );
      script_xref(name:"CERT", value:"280613");
    
      script_name(english:"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities");
      script_summary(english:"Checks version of Oracle HTTP Server");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote web server may be affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "According to its banner, the version of Oracle HTTP Server installed on
    the remote host is potentially affected by multiple vulnerabilities. 
    
    Note that Nessus did not verify if patches or workarounds have been
    applied."
      );
      # https://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e1cbd417");
      # https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=45348489407964&id=1548709.1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e9008fd");
      # https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=16802903
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2ab0c223");
      script_set_attribute(attribute:"solution", value:"Apply the July 2013 CPU.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(79, 200, 399);
    script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/11");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    
      script_dependencies("oracle_http_server_version.nasl");
      script_require_keys("www/oracle", "Settings/PCI_DSS");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("http.inc");
    include("misc_func.inc");
    
    # Only PCI considers this an issue.
    if (!get_kb_item("Settings/PCI_DSS")) audit(AUDIT_PCI);
    
    port = get_http_port(default:80);
    
    # Make sure this is Oracle.
    get_kb_item_or_exit("www/"+port+"/oracle");
    
    # Get version information from the KB.
    version = get_kb_item_or_exit("www/oracle/"+port+"/version", exit_code:1);
    source = get_kb_item_or_exit("www/oracle/"+port+"/source", exit_code:1);
    
    # Check if the remote server is affected. There is a patch in the CPU
    # for this version. No other versions can be patched by this CPU.
    if (version != "10.1.3.5.0")
    audit(AUDIT_LISTEN_NOT_VULN, "Oracle Application Server", port, version);
    
    set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
    
    if (report_verbosity > 0)
    {
      report =
        '\n  Version source    : ' + source +
        '\n  Installed version : ' + version +
        '\n';
      security_hole(port:port, extra:report);
    }
    else security_hole(port);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2907-1.NASL
    descriptionThis update for apache2 fixes the following issues : - Allow disabling SNI on proxy connections using
    last seen2020-06-01
    modified2020-06-02
    plugin id104270
    published2017-10-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104270
    titleSUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2907-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104270);
      script_version("3.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/30");
    
      script_cve_id("CVE-2009-2699", "CVE-2010-0425", "CVE-2012-0021", "CVE-2014-0118", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9798");
      script_bugtraq_id(36596, 38494, 51705, 68745);
    
      script_name(english:"SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for apache2 fixes the following issues :
    
      - Allow disabling SNI on proxy connections using 'SetEnv
        proxy-disable-sni 1' in the configuration files.
        (bsc#1052830)
    
      - Allow ECDH again in mod_ssl, it had been incorrectly
        disabled with the 2.2.34 update. (bsc#1064561) Following
        security issue has been fixed :
    
      - CVE-2017-9798: A use-after-free in the OPTIONS command
        could be used by attackers to disclose memory of the
        apache server process, when htaccess uses incorrect
        Limit statement. (bsc#1058058) Additionally, references
        to the following security issues, fixed by the previous
        version-update of apache2 to Apache HTTPD 2.2.34 have
        been added :
    
      - CVE-2017-7668: The HTTP strict parsing introduced a bug
        in token list parsing, which allowed ap_find_token() to
        search past the end of its input string. By maliciously
        crafting a sequence of request headers, an attacker may
        have be able to cause a segmentation fault, or to force
        ap_find_token() to return an incorrect value.
        (bsc#1045061)
    
      - CVE-2017-3169: mod_ssl may have de-referenced a NULL
        pointer when third-party modules call
        ap_hook_process_connection() during an HTTP request to
        an HTTPS port allowing for DoS. (bsc#1045062)
    
      - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by
        third-party modules outside of the authentication phase
        may have lead to authentication requirements being
        bypassed. (bsc#1045065)
    
      - CVE-2017-7679: mod_mime could have read one byte past
        the end of a buffer when sending a malicious
        Content-Type response header. (bsc#1045060)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2009-2699/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2010-0425/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-0021/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0118/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3167/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3169/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7668/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7679/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9798/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172907-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?084963fe"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Studio Onsite 1.3:zypper in -t patch slestso13-apache2-13331=1
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-apache2-13331=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-apache2-13331=1
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-apache2-13331=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-apache2-13331=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-apache2-13331=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-apache2-13331=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-example-pages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/31");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-doc-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-example-pages-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-prefork-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-utils-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-worker-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-devel-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-doc-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-example-pages-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-prefork-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-utils-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-worker-2.2.34-70.12.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2");
    }
    
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_64.NASL
    descriptionAccording to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including
    last seen2020-06-01
    modified2020-06-02
    plugin id50069
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50069
    titleApache 2.0.x < 2.0.64 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50069);
      script_cvs_date("Date: 2018/06/29 12:01:03");
      script_version("1.33");
    
      script_cve_id(
        "CVE-2008-2364",
        "CVE-2008-2939",
        "CVE-2009-1891",
        "CVE-2009-2412",
        "CVE-2009-3094",
        "CVE-2009-3095",
        "CVE-2009-3555",
        "CVE-2009-3560",
        "CVE-2009-3720",
        "CVE-2010-0425",
        "CVE-2010-0434",
        "CVE-2010-1452",
        "CVE-2010-1623"
      );
      script_bugtraq_id(29653, 30560, 35949, 38494);
      script_xref(name:"Secunia", value:"30261");
      script_xref(name:"Secunia", value:"31384");
      script_xref(name:"Secunia", value:"35781");
      script_xref(name:"Secunia", value:"36549");
      script_xref(name:"Secunia", value:"36675");
      script_xref(name:"Secunia", value:"38776");
    
      script_name(english:"Apache 2.0.x < 2.0.64 Multiple Vulnerabilities");
      script_summary(english:"Checks version in Server response header");
     
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of Apache 2.0.x running on the
    remote host is prior to 2.0.64. It is, therefore, affected by the
    following vulnerabilities :
    
      - An unspecified error exists in the handling of requests
        without a path segment. (CVE-2010-1452)
    
      - Several modules, including 'mod_deflate', are 
        vulnerable to a denial of service attack as the
        server can be forced to utilize CPU time compressing
        a large file after client disconnect. (CVE-2009-1891)
    
      - An unspecified error exists in 'mod_proxy' related to 
        filtration of authentication credentials. 
        (CVE-2009-3095)
     
      - A NULL pointer dereference issue exists in 
        'mod_proxy_ftp' in some error handling paths.
        (CVE-2009-3094)
    
      - An error exists in 'mod_ssl' making the server
        vulnerable to the TLC renegotiation prefix injection
        attack. (CVE-2009-3555)
    
      - An error exists in the handling of subrequests such
        that the parent request headers may be corrupted.
        (CVE-2010-0434)
    
      - An error exists in 'mod_proxy_http' when handling excessive
        interim responses making it vulnerable to a denial of
        service attack. (CVE-2008-2364)
    
      - An error exists in 'mod_isapi' that allows the module
        to be unloaded too early, which leaves orphaned callback
        pointers. (CVE-2010-0425)
    
      - An error exists in 'mod_proxy_ftp' when wildcards are
        in an FTP URL, which allows for cross-site scripting
        attacks. (CVE-2008-2939)
    
    Note that the remote web server may not actually be affected by these
    vulnerabilities.  Nessus did not try to determine whether the affected
    modules are in use or to check for the issues themselves."
      );
      script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.0.64");
      # https://web.archive.org/web/20101028103804/http://httpd.apache.org/security/vulnerabilities_20.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6dea6c32");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apache version 2.0.64 or later. Alternatively, ensure that
    the affected modules are not in use.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(79, 119, 189, 200, 264, 310, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");
    
      script_set_attribute(attribute:"plugin_type", value: "remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("apache_http_version.nasl");
      script_require_keys("installed_sw/Apache");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("install_func.inc");
    
    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);
    
    # Check if we could get a version first, then check if it was
    # backported
    version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
    backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);
    
    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
    source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);
    
    # Check if the version looks like either ServerTokens Major/Minor
    # was used
    if (version =~ '^2(\\.0)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
    if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");
    if (version =~ '^2\\.0' && ver_compare(ver:version, fix:'2.0.64') == -1)
    {
      set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
      if (report_verbosity > 0)
      {
        report = 
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 2.0.64\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
    

Oval

accepted2014-07-14T04:01:29.593-04:00
classvulnerability
contributors
  • nameJ. Daniel Brown
    organizationDTCC
  • nameMike Lah
    organizationThe MITRE Corporation
  • nameShane Shaffer
    organizationG2, Inc.
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentApache HTTP Server 2.2.x is installed on the system
ovaloval:org.mitre.oval:def:8550
descriptionmodules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
familywindows
idoval:org.mitre.oval:def:8439
statusaccepted
submitted2010-03-08T17:30:00.000-05:00
titleApache 'mod_isapi' Memory Corruption Vulnerability
version11

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/86964/pwn-isapi.cpp.txt
idPACKETSTORM:86964
last seen2016-12-05
published2010-03-06
reporterBrett Gervasoni
sourcehttps://packetstormsecurity.com/files/86964/Apache-2.2.14-mod_isapi-Remote-SYSTEM-Exploit.html
titleApache 2.2.14 mod_isapi Remote SYSTEM Exploit

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:69341
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-69341
    titleWrite-to-file Shellcode (Win32)
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:19236
    last seen2017-11-19
    modified2010-03-07
    published2010-03-07
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-19236
    titleApache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
  • bulletinFamilyexploit
    descriptionCVE:CVE-2010-0425 Apache is prone to a memory-corruption vulnerability. Attackers can leverage this vulnerability to execute arbitrary code with SYSTEM privileges; failed attacks may result in denial-of-service conditions. Apache versions prior to 2.2.15 are affected. Slackware Linux x86_64 -current Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux -current IBM HTTP Server 6.1.0 Apache Software Foundation Apache 2.2.14 Apache Software Foundation Apache 2.2.13 Apache Software Foundation Apache 2.2.12 Apache Software Foundation Apache 2.2.11 Apache Software Foundation Apache 2.2.10 Apache Software Foundation Apache 2.2.9 + Adobe Flash Media Server 3.5.3 + Adobe Flash Media Server 3.5.2 + Adobe Flash Media Server 3.5.1 Apache Software Foundation Apache 2.2.8 Apache Software Foundation Apache 2.2.6 Apache Software Foundation Apache 2.2.5 Apache Software Foundation Apache 2.2.4 Apache Software Foundation Apache 2.2.3 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2 .0 Apache Software Foundation Apache 2.0.63 Apache Software Foundation Apache 2.0.59 Apache Software Foundation Apache 2.0.58 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 Apache Software Foundation Apache 2.0.56 -dev Apache Software Foundation Apache 2.0.55 Apache Software Foundation Apache 2.0.54 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 Apache Software Foundation Apache 2.0.53 Apache Software Foundation Apache 2.0.52 + Apple Mac OS X 10.3.6 + Apple Mac OS X 10.2.8 + Apple Mac OS X Server 10.3.6 + Apple Mac OS X Server 10.2.8 + RedHat Desktop 4.0 + RedHat Enterprise Linux AS 4 + RedHat Enterprise Linux ES 4 + RedHat Enterprise Linux WS 4 + Sun Solaris 10 Apache Software Foundation Apache 2.0.52 Apache Software Foundation Apache 2.0.51 + RedHat Fedora Core2 + RedHat Fedora Core1 Apache Software Foundation Apache 2.0.50 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 Apache Software Foundation Apache 2.0.50 Apache Software Foundation Apache 2.0.49 + S.u.S.E. Linux Personal 9.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.48 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + S.u.S.E. Linux 8.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.47 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.3.4 + Apple Mac OS X Server 10.3.3 + Apple Mac OS X Server 10.3.2 + Apple Mac OS X Server 10.3.1 + Apple Mac OS X Server 10.3 + Apple Mac OS X Server 10.2.8 + Apple Mac OS X Server 10.2.7 + Apple Mac OS X Server 10.2.6 + Apple Mac OS X Server 10.2.5 + Apple Mac OS X Server 10.2.4 + Apple Mac OS X Server 10.2.3 + Apple Mac OS X Server 10.2.2 + Apple Mac OS X Server 10.2.1 + Apple Mac OS X Server 10.2 + Apple Mac OS X Server 10.1.5 + Apple Mac OS X Server 10.1.4 + Apple Mac OS X Server 10.1.3 + Apple Mac OS X Server 10.1.2 + Apple Mac OS X Server 10.1.1 + Apple Mac OS X Server 10.1 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 Apache Software Foundation Apache 2.0.46 + RedHat Desktop 3.0 + RedHat Enterprise Linux AS 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux WS 3 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.46 Apache Software Foundation Apache 2.0.45 - Apple Mac OS X 10.2.6 - Apple Mac OS X 10.2.5 - Apple Mac OS X 10.2.4 - Apple Mac OS X 10.2.3 - Apple Mac OS X 10.2.2 - Apple Mac OS X 10.2.1 - Apple Mac OS X 10.2 - Apple Mac OS X 10.1.5 - Apple Mac OS X 10.1.4 - Apple Mac OS X 10.1.3 - Apple Mac OS X 10.1.2 - Apple Mac OS X 10.1.1 - Apple Mac OS X 10.1 - Apple Mac OS X 10.1 - Apple Mac OS X 10.0.4 - Apple Mac OS X 10.0.3 - Apple Mac OS X 10.0.2 - Apple Mac OS X 10.0.1 - Apple Mac OS X 10.0 + Conectiva Linux 9.0 Apache Software Foundation Apache 2.0.44 Apache Software Foundation Apache 2.0.43 Apache Software Foundation Apache 2.0.42 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 Apache Software Foundation Apache 2.0.41 Apache Software Foundation Apache 2.0.40 + RedHat Linux 9.0 i386 + RedHat Linux 8.0 + Terra Soft Solutions Yellow Dog Linux 3.0 Apache Software Foundation Apache 2.0.39 Apache Software Foundation Apache 2.0.38 Apache Software Foundation Apache 2.0.37 Apache Software Foundation Apache 2.2.7-dev Apache Software Foundation Apache 2.2.6-dev Apache Software Foundation Apache 2.2.5-dev Apache Software Foundation Apache 2.2.1 Apache Software Foundation Apache 2.2 Apache Software Foundation Apache 2.0.62-dev Apache Software Foundation Apache 2.0.61-dev Apache Software Foundation Apache 2.0.60-dev Apache Software Foundation Apache 2.0.58 Apache Software Foundation Apache 2.0.57 Slackware Linux x86_64 -current * Slackware httpd-2.2.15-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ n/httpd-2.2.15-x86_64-1.txz Slackware Linux 12.0 * Slackware httpd-2.2.15-i486-1_slack12.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/ httpd-2.2.15-i486-1_slack12.0.tgz Slackware Linux -current * Slackware httpd-2.2.15-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ht tpd-2.2.15-i486-1.txz Slackware Linux 12.2 * Slackware httpd-2.2.15-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ httpd-2.2.15-i486-1_slack12.2.tgz Slackware Linux 13.0 x86_64 * Slackware httpd-2.2.15-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/package s/httpd-2.2.15-x86_64-1_slack13.0.txz Slackware Linux 12.1 * Slackware httpd-2.2.15-i486-1_slack12.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/ httpd-2.2.15-i486-1_slack12.1.tgz Slackware Linux 13.0 * Slackware httpd-2.2.15-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ httpd-2.2.15-i486-1_slack13.0.txz
    idSSV:19282
    last seen2017-11-19
    modified2010-03-17
    published2010-03-17
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-19282
    titleApache 'mod_isapi' Memory Corruption Vulnerability

References