CVE-2010-0425 - Unspecified vulnerability in Apache HTTP Server
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Vulnerable Configurations
Exploit-Db
description | Write-to-file Shellcode (Win32). CVE-2010-0425. Shellcode exploits for multiple platform |
id | EDB-ID:14288 |
last seen | 2016-02-01 |
modified | 2010-07-09 |
published | 2010-07-09 |
reporter | Brett Gervasoni |
source | https://www.exploit-db.com/download/14288/ |
title | Write-to-file Shellcode Win32 |

description | Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit. CVE-2010-0425. Remote exploit for windows platform |
id | EDB-ID:11650 |
last seen | 2016-02-01 |
modified | 2010-03-07 |
published | 2010-03-07 |
reporter | Brett Gervasoni |
source | https://www.exploit-db.com/download/11650/ |
title | Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit |
Metasploit
description | This module triggers a use-after-free vulnerability in the Apache Software Foundation mod_isapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally (either an aborted TCP connection or an unsatisfied chunked request), mod_isapi will unload the ISAPI extension. Later, if another request comes for that ISAPI module, previously obtained pointers will be used resulting in an access violation or potentially arbitrary code execution. Although arbitrary code execution is theoretically possible, a real-world method of invoking this consequence has not been proven. In order to do so, one would need to find a situation where a particular ISAPI module loads at an image base address that can be re-allocated by a remote attacker. Limited success was encountered using two separate ISAPI modules. In this scenario, a second ISAPI module was loaded into the same memory area as the previously unloaded module. |
id | MSF:AUXILIARY/DOS/HTTP/APACHE_MOD_ISAPI |
last seen | 2020-06-14 |
modified | 1976-01-01 |
published | 1976-01-01 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/apache_mod_isapi.rb |
title | Apache mod_isapi Dangling Pointer |
Nessus
NASL family | Web Servers |
NASL id | APACHE_2_2_15.NASL |
description | According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555) - The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45004 |
published | 2010-10-20 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45004 |
title | Apache 2.2.x < 2.2.15 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(45004);
      script_cvs_date("Date: 2018/11/15 20:50:25");
      script_version("1.37");

      script_cve_id(
        "CVE-2007-6750",
        "CVE-2009-3555",
        "CVE-2010-0408",
        "CVE-2010-0425",
        "CVE-2010-0434"
      );
      script_bugtraq_id(21865, 36935, 38491, 38494, 38580);
      script_xref(name:"Secunia", value:"38776");

      script_name(english:"Apache 2.2.x < 2.2.15 Multiple Vulnerabilities");
      script_summary(english:"Checks version in Server response header.");

      script_set_attribute(attribute:"synopsis", value:
        "The remote web server is affected by multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
        "According to its banner, the version of Apache 2.2.x running on the
        remote host is prior to 2.2.15. It is, therefore, potentially affected
        by multiple vulnerabilities :
        - A TLS renegotiation prefix injection attack is possible.
        (CVE-2009-3555)
        - The 'mod_proxy_ajp' module returns the wrong status code if it
        encounters an error which causes the back-end server to be put into an
        error state. (CVE-2010-0408)
        - The 'mod_isapi' attempts to unload the 'ISAPI.dll' when it
        encounters various error states which could leave call-backs in an
        undefined state. (CVE-2010-0425)
        - A flaw in the core sub-request process code can lead to sensitive
        information from a request being handled by the wrong thread if a
        multi-threaded environment is used. (CVE-2010-0434)
        - Added 'mod_reqtimeout' module to mitigate Slowloris attacks.
        (CVE-2007-6750)"
      );
      script_set_attribute(attribute:"see_also", value:"http://httpd.apache.org/security/vulnerabilities_22.html");
      script_set_attribute(attribute:"see_also", value:"https://bz.apache.org/bugzilla/show_bug.cgi?id=48359");
      script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.2.15");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apache version 2.2.15 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(200, 310);

      script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");

      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");

      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

      script_dependencies("apache_http_version.nasl");
      script_require_keys("installed_sw/Apache");
      script_require_ports("Services/www", 80);

      exit(0);
    }

    include("global_settings.inc");
    include("http.inc");
    include("misc_func.inc");
    include("audit.inc");
    include("install_func.inc");

    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);

    # Check if we could get a version first, then check if it was
    # backported
    version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
    backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);

    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, "Apache");
    source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1);

    # Check if the version looks like either ServerTokens Major/Minor
    # was used
    if (version =~ '^2(\\.2)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination.");
    if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination.");

    if (version =~ '^2\\.2' && ver_compare(ver:version, fix:'2.2.15') == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n Version source : ' + source +
          '\n Installed version : ' + version +
          '\n Fixed version : 2.2.15\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2010-067-01.NASL |
description | New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [This is the most serious flaw, but does not affect Linux systems] |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45007 |
published | 2010-03-09 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45007 |
title | Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01) |
code |

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Slackware Security Advisory 2010-067-01. The text
    # itself is copyright (C) Slackware Linux, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(45007);
      script_version("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:21");

      script_cve_id("CVE-2009-3555", "CVE-2010-0408", "CVE-2010-0425");
      script_bugtraq_id(36935, 38491, 38494);
      script_xref(name:"SSA", value:"2010-067-01");

      script_name(english:"Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
        "New httpd packages are available for Slackware 12.0, 12.1, 12.2,
        13.0, and -current to fix security issues.
        mod_ssl: A partial fix for the TLS renegotiation prefix injection
        attack by rejecting any client-initiated renegotiations.
        mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not
        sent when request headers indicate a request body is incoming; not a
        case of HTTP_INTERNAL_SERVER_ERROR.
        mod_isapi: Do not unload an isapi .dll module until the request
        processing is completed, avoiding orphaned callback pointers. [This
        is the most serious flaw, but does not affect Linux systems]"
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.565682
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2653dddd"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected httpd package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(310);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:httpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/09");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

    flag = 0;
    if (slackware_check(osver:"12.0", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;

    if (slackware_check(osver:"12.1", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++;

    if (slackware_check(osver:"12.2", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++;

    if (slackware_check(osver:"13.0", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
    if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;

    if (slackware_check(osver:"current", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"httpd", pkgver:"2.2.15", pkgarch:"x86_64", pkgnum:"1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family | Web Servers |
NASL id | ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL |
description | According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69301 |
published | 2013-08-11 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69301 |
title | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(69301);
      script_version("1.11");
      script_cvs_date("Date: 2018/11/15 20:50:25");

      script_cve_id(
        "CVE-2005-3352",
        "CVE-2006-5752",
        "CVE-2007-3847",
        "CVE-2007-5000",
        "CVE-2007-6388",
        "CVE-2008-2364",
        "CVE-2010-0425",
        "CVE-2010-0434",
        "CVE-2010-2068",
        "CVE-2011-0419",
        "CVE-2011-3348",
        "CVE-2012-2687"
      );
      script_bugtraq_id(
        15834,
        24645,
        25489,
        26838,
        27237,
        29653,
        38494,
        40827,
        47820,
        49616,
        55131
      );
      script_xref(name:"CERT", value:"280613");

      script_name(english:"Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities");
      script_summary(english:"Checks version of Oracle HTTP Server");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote web server may be affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
        "According to its banner, the version of Oracle HTTP Server installed
        on the remote host is potentially affected by multiple
        vulnerabilities.
        Note that Nessus did not verify if patches or workarounds have been
        applied."
      );
      # https://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e1cbd417");
      # https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=45348489407964&id=1548709.1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e9008fd");
      # https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?patchId=16802903
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2ab0c223");
      script_set_attribute(attribute:"solution", value:"Apply the July 2013 CPU.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(79, 200, 399);

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/11");

      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:http_server");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");

      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");

      script_dependencies("oracle_http_server_version.nasl");
      script_require_keys("www/oracle", "Settings/PCI_DSS");
      script_require_ports("Services/www", 80);

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("http.inc");
    include("misc_func.inc");

    # Only PCI considers this an issue.
    if (!get_kb_item("Settings/PCI_DSS")) audit(AUDIT_PCI);

    port = get_http_port(default:80);

    # Make sure this is Oracle.
    get_kb_item_or_exit("www/"+port+"/oracle");

    # Get version information from the KB.
    version = get_kb_item_or_exit("www/oracle/"+port+"/version", exit_code:1);
    source = get_kb_item_or_exit("www/oracle/"+port+"/source", exit_code:1);

    # Check if the remote server is affected. There is a patch in the CPU
    # for this version. No other versions can be patched by this CPU.
    if (version != "10.1.3.5.0") audit(AUDIT_LISTEN_NOT_VULN, "Oracle Application Server", port, version);

    set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

    if (report_verbosity > 0)
    {
      report =
        '\n Version source : ' + source +
        '\n Installed version : ' + version +
        '\n';
      security_hole(port:port, extra:report);
    }
    else security_hole(port);
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-2907-1.NASL |
description | This update for apache2 fixes the following issues : - Allow disabling SNI on proxy connections using |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 104270 |
published | 2017-10-31 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/104270 |
title | SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2907-1.
    # The text itself is copyright (C) SUSE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(104270);
      script_version("3.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/30");

      script_cve_id("CVE-2009-2699", "CVE-2010-0425", "CVE-2012-0021", "CVE-2014-0118", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9798");
      script_bugtraq_id(36596, 38494, 51705, 68745);

      script_name(english:"SUSE SLES11 Security Update : apache2 (SUSE-SU-2017:2907-1) (Optionsbleed)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
        "This update for apache2 fixes the following issues :
        - Allow disabling SNI on proxy connections using 'SetEnv
        proxy-disable-sni 1' in the configuration files. (bsc#1052830)
        - Allow ECDH again in mod_ssl, it had been incorrectly disabled with
        the 2.2.34 update. (bsc#1064561)
        Following security issue has been fixed :
        - CVE-2017-9798: A use-after-free in the OPTIONS command could be
        used by attackers to disclose memory of the apache server process,
        when htaccess uses incorrect Limit statement. (bsc#1058058)
        Additionally, references to the following security issues, fixed by
        the previous version-update of apache2 to Apache HTTPD 2.2.34 have
        been added :
        - CVE-2017-7668: The HTTP strict parsing introduced a bug in token
        list parsing, which allowed ap_find_token() to search past the end of
        its input string. By maliciously crafting a sequence of request
        headers, an attacker may have be able to cause a segmentation fault,
        or to force ap_find_token() to return an incorrect value.
        (bsc#1045061)
        - CVE-2017-3169: mod_ssl may have de-referenced a NULL pointer when
        third-party modules call ap_hook_process_connection() during an HTTP
        request to an HTTPS port allowing for DoS. (bsc#1045062)
        - CVE-2017-3167: Use of the ap_get_basic_auth_pw() by third-party
        modules outside of the authentication phase may have lead to
        authentication requirements being bypassed. (bsc#1045065)
        - CVE-2017-7679: mod_mime could have read one byte past the end of a
        buffer when sending a malicious Content-Type response header.
        (bsc#1045060)
        Note that Tenable Network Security has extracted the preceding
        description block directly from the SUSE security advisory. Tenable
        has attempted to automatically clean and format it as much as
        possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045065"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052830"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2009-2699/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2010-0425/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-0021/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0118/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3167/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-3169/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7668/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7679/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9798/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172907-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?084963fe"
      );
      script_set_attribute(
        attribute:"solution",
        value:
        "To install this SUSE Security Update use YaST online_update.
        Alternatively you can run the command listed for your product :
        SUSE Studio Onsite 1.3:zypper in -t patch slestso13-apache2-13331=1
        SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
        patch sdksp4-apache2-13331=1
        SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
        slessp4-apache2-13331=1
        SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
        slessp3-apache2-13331=1
        SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
        sleposp3-apache2-13331=1
        SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
        dbgsp4-apache2-13331=1
        SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
        dbgsp3-apache2-13331=1
        To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-example-pages");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-prefork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-worker");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/31");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);

    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-doc-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-example-pages-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-prefork-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-utils-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"apache2-worker-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-devel-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-doc-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-example-pages-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-prefork-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-utils-2.2.34-70.12.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"apache2-worker-2.2.34-70.12.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2");
    }
NASL family | Web Servers |
NASL id | APACHE_2_0_64.NASL |
description | According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 50069 |
published | 2010-10-20 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/50069 |
title | Apache 2.0.x < 2.0.64 Multiple Vulnerabilities |
code |

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(50069);
      script_cvs_date("Date: 2018/06/29 12:01:03");
      script_version("1.33");

      script_cve_id(
        "CVE-2008-2364",
        "CVE-2008-2939",
        "CVE-2009-1891",
        "CVE-2009-2412",
        "CVE-2009-3094",
        "CVE-2009-3095",
        "CVE-2009-3555",
        "CVE-2009-3560",
        "CVE-2009-3720",
        "CVE-2010-0425",
        "CVE-2010-0434",
        "CVE-2010-1452",
        "CVE-2010-1623"
      );
      script_bugtraq_id(29653, 30560, 35949, 38494);
      script_xref(name:"Secunia", value:"30261");
      script_xref(name:"Secunia", value:"31384");
      script_xref(name:"Secunia", value:"35781");
      script_xref(name:"Secunia", value:"36549");
      script_xref(name:"Secunia", value:"36675");
      script_xref(name:"Secunia", value:"38776");

      script_name(english:"Apache 2.0.x < 2.0.64 Multiple Vulnerabilities");
      script_summary(english:"Checks version in Server response header");

      script_set_attribute(attribute:"synopsis", value:
        "The remote web server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
        "According to its banner, the version of Apache 2.0.x running on the
        remote host is prior to 2.0.64. It is, therefore, affected by the
        following vulnerabilities :
        - An unspecified error exists in the handling of requests without a
        path segment. (CVE-2010-1452)
        - Several modules, including 'mod_deflate', are vulnerable to a
        denial of service attack as the server can be forced to utilize CPU
        time compressing a large file after client disconnect.
        (CVE-2009-1891)
        - An unspecified error exists in 'mod_proxy' related to filtration of
        authentication credentials. (CVE-2009-3095)
        - A NULL pointer dereference issue exists in 'mod_proxy_ftp' in some
        error handling paths. (CVE-2009-3094)
        - An error exists in 'mod_ssl' making the server vulnerable to the
        TLC renegotiation prefix injection attack. (CVE-2009-3555)
        - An error exists in the handling of subrequests such that the parent
        request headers may be corrupted. (CVE-2010-0434)
        - An error exists in 'mod_proxy_http' when handling excessive interim
        responses making it vulnerable to a denial of service attack.
        (CVE-2008-2364)
        - An error exists in 'mod_isapi' that allows the module to be
        unloaded too early, which leaves orphaned callback pointers.
        (CVE-2010-0425)
        - An error exists in 'mod_proxy_ftp' when wildcards are in an FTP
        URL, which allows for cross-site scripting attacks. (CVE-2008-2939)
        Note that the remote web server may not actually be affected by these
        vulnerabilities. Nessus did not try to determine whether the affected
        modules are in use or to check for the issues themselves."
      );
      script_set_attribute(attribute:"see_also", value:"https://archive.apache.org/dist/httpd/CHANGES_2.0.64");
      # https://web.archive.org/web/20101028103804/http://httpd.apache.org/security/vulnerabilities_20.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6dea6c32");
      script_set_attribute(attribute:"solution", value:
        "Upgrade to Apache version 2.0.64 or later. Alternatively, ensure that
        the affected modules are not in use.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(79, 119, 189, 200, 264, 310, 399);

      script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");

      script_set_attribute(attribute:"plugin_type", value: "remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:http_server");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");

      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

      script_dependencies("apache_http_version.nasl");
      script_require_keys("installed_sw/Apache");
      script_require_ports("Services/www", 80);

      exit(0);
    }

    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("audit.inc");
    include("install_func.inc");

    get_install_count(app_name:"Apache", exit_if_zero:TRUE);
    port = get_http_port(default:80);
    install = get_single_install(app_name:"Apache", port:port, exit_if_unknown_ver:TRUE);

    # Check if we could get a version first, then check if it was
    # backported
    version = get_kb_item_or_exit('www/apache/'+port+'/version', exit_code:1);
    backported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);

    if (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port,
"Apache"); source = get_kb_item_or_exit('www/apache/'+port+'/source', exit_code:1); # Check if the version looks like either ServerTokens Major/Minor # was used if (version =~ '^2(\\.0)?$') exit(1, "The banner from the Apache server listening on port "+port+" - "+source+" - is not granular enough to make a determination."); if (version !~ "^\d+(\.\d+)*$") exit(1, "The version of Apache listening on port " + port + " - " + version + " - is non-numeric and, therefore, cannot be used to make a determination."); if (version =~ '^2\\.0' && ver_compare(ver:version, fix:'2.0.64') == -1) { set_kb_item(name:"www/"+port+"/XSS", value:TRUE); if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 2.0.64\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "Apache", port, install["version"]);
Oval
accepted | 2014-07-14T04:01:29.593-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." |
family | windows |
id | oval:org.mitre.oval:def:8439 |
status | accepted |
submitted | 2010-03-08T17:30:00.000-05:00 |
title | Apache 'mod_isapi' Memory Corruption Vulnerability |
version | 11 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/86964/pwn-isapi.cpp.txt |
id | PACKETSTORM:86964 |
last seen | 2016-12-05 |
published | 2010-03-06 |
reporter | Brett Gervasoni |
source | https://packetstormsecurity.com/files/86964/Apache-2.2.14-mod_isapi-Remote-SYSTEM-Exploit.html |
title | Apache 2.2.14 mod_isapi Remote SYSTEM Exploit |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:69341 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-69341 |
title | Write-to-file Shellcode (Win32) |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:19236 |
last seen | 2017-11-19 |
modified | 2010-03-07 |
published | 2010-03-07 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-19236 |
title | Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit |

bulletinFamily | exploit |
description |
CVE:CVE-2010-0425
Apache is prone to a memory-corruption vulnerability. Attackers can leverage this vulnerability to execute arbitrary code with SYSTEM privileges; failed attacks may result in denial-of-service conditions.
Apache versions prior to 2.2.15 are affected.

Slackware Linux x86_64 -current
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux -current
IBM HTTP Server 6.1.0
Apache Software Foundation Apache 2.2.14
Apache Software Foundation Apache 2.2.13
Apache Software Foundation Apache 2.2.12
Apache Software Foundation Apache 2.2.11
Apache Software Foundation Apache 2.2.10
Apache Software Foundation Apache 2.2.9
  + Adobe Flash Media Server 3.5.3
  + Adobe Flash Media Server 3.5.2
  + Adobe Flash Media Server 3.5.1
Apache Software Foundation Apache 2.2.8
Apache Software Foundation Apache 2.2.6
Apache Software Foundation Apache 2.2.5
Apache Software Foundation Apache 2.2.4
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.2 .0
Apache Software Foundation Apache 2.0.63
Apache Software Foundation Apache 2.0.59
Apache Software Foundation Apache 2.0.58
  + Debian Linux 3.1 sparc
  + Debian Linux 3.1 s/390
  + Debian Linux 3.1 ppc
  + Debian Linux 3.1 mipsel
  + Debian Linux 3.1 mips
  + Debian Linux 3.1 m68k
  + Debian Linux 3.1 ia-64
  + Debian Linux 3.1 ia-32
  + Debian Linux 3.1 hppa
  + Debian Linux 3.1 arm
  + Debian Linux 3.1 amd64
  + Debian Linux 3.1 alpha
  + Debian Linux 3.1
Apache Software Foundation Apache 2.0.56 -dev
Apache Software Foundation Apache 2.0.55
Apache Software Foundation Apache 2.0.54
  + Debian Linux 3.1 sparc
  + Debian Linux 3.1 s/390
  + Debian Linux 3.1 ppc
  + Debian Linux 3.1 mipsel
  + Debian Linux 3.1 mips
  + Debian Linux 3.1 m68k
  + Debian Linux 3.1 ia-64
  + Debian Linux 3.1 ia-32
  + Debian Linux 3.1 hppa
  + Debian Linux 3.1 arm
  + Debian Linux 3.1 amd64
  + Debian Linux 3.1 alpha
  + Debian Linux 3.1
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
  + Apple Mac OS X 10.3.6
  + Apple Mac OS X 10.2.8
  + Apple Mac OS X Server 10.3.6
  + Apple Mac OS X Server 10.2.8
  + RedHat Desktop 4.0
  + RedHat Enterprise Linux AS 4
  + RedHat Enterprise Linux ES 4
  + RedHat Enterprise Linux WS 4
  + Sun Solaris 10
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
  + RedHat Fedora Core2
  + RedHat Fedora Core1
Apache Software Foundation Apache 2.0.50
  + MandrakeSoft Linux Mandrake 10.1 x86_64
  + MandrakeSoft Linux Mandrake 10.1
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
  + S.u.S.E. Linux Personal 9.1
  + Trustix Secure Linux 2.1
  + Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.48
  + MandrakeSoft Linux Mandrake 10.0 AMD64
  + MandrakeSoft Linux Mandrake 10.0
  + S.u.S.E. Linux 8.1
  + S.u.S.E. Linux Personal 9.0 x86_64
  + S.u.S.E. Linux Personal 9.0
  + S.u.S.E. Linux Personal 8.2
  + Trustix Secure Linux 2.1
  + Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
  + Apple Mac OS X Server 10.3.5
  + Apple Mac OS X Server 10.3.4
  + Apple Mac OS X Server 10.3.3
  + Apple Mac OS X Server 10.3.2
  + Apple Mac OS X Server 10.3.1
  + Apple Mac OS X Server 10.3
  + Apple Mac OS X Server 10.2.8
  + Apple Mac OS X Server 10.2.7
  + Apple Mac OS X Server 10.2.6
  + Apple Mac OS X Server 10.2.5
  + Apple Mac OS X Server 10.2.4
  + Apple Mac OS X Server 10.2.3
  + Apple Mac OS X Server 10.2.2
  + Apple Mac OS X Server 10.2.1
  + Apple Mac OS X Server 10.2
  + Apple Mac OS X Server 10.1.5
  + Apple Mac OS X Server 10.1.4
  + Apple Mac OS X Server 10.1.3
  + Apple Mac OS X Server 10.1.2
  + Apple Mac OS X Server 10.1.1
  + Apple Mac OS X Server 10.1
  + MandrakeSoft Linux Mandrake 9.2 amd64
  + MandrakeSoft Linux Mandrake 9.2
  + MandrakeSoft Linux Mandrake 9.1 ppc
  + MandrakeSoft Linux Mandrake 9.1
Apache Software Foundation Apache 2.0.46
  + RedHat Desktop 3.0
  + RedHat Enterprise Linux AS 3
  + RedHat Enterprise Linux ES 3
  + RedHat Enterprise Linux WS 3
  + Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
  - Apple Mac OS X 10.2.6
  - Apple Mac OS X 10.2.5
  - Apple Mac OS X 10.2.4
  - Apple Mac OS X 10.2.3
  - Apple Mac OS X 10.2.2
  - Apple Mac OS X 10.2.1
  - Apple Mac OS X 10.2
  - Apple Mac OS X 10.1.5
  - Apple Mac OS X 10.1.4
  - Apple Mac OS X 10.1.3
  - Apple Mac OS X 10.1.2
  - Apple Mac OS X 10.1.1
  - Apple Mac OS X 10.1
  - Apple Mac OS X 10.1
  - Apple Mac OS X 10.0.4
  - Apple Mac OS X 10.0.3
  - Apple Mac OS X 10.0.2
  - Apple Mac OS X 10.0.1
  - Apple Mac OS X 10.0
  + Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
  + Gentoo Linux 1.4 _rc1
  + Gentoo Linux 1.2
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
  + RedHat Linux 9.0 i386
  + RedHat Linux 8.0
  + Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.2.7-dev
Apache Software Foundation Apache 2.2.6-dev
Apache Software Foundation Apache 2.2.5-dev
Apache Software Foundation Apache 2.2.1
Apache Software Foundation Apache 2.2
Apache Software Foundation Apache 2.0.62-dev
Apache Software Foundation Apache 2.0.61-dev
Apache Software Foundation Apache 2.0.60-dev
Apache Software Foundation Apache 2.0.58
Apache Software Foundation Apache 2.0.57

Slackware Linux x86_64 -current
  * Slackware httpd-2.2.15-x86_64-1.txz
    ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.15-x86_64-1.txz
Slackware Linux 12.0
  * Slackware httpd-2.2.15-i486-1_slack12.0.tgz
    ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.15-i486-1_slack12.0.tgz
Slackware Linux -current
  * Slackware httpd-2.2.15-i486-1.txz
    ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.15-i486-1.txz
Slackware Linux 12.2
  * Slackware httpd-2.2.15-i486-1_slack12.2.tgz
    ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.15-i486-1_slack12.2.tgz
Slackware Linux 13.0 x86_64
  * Slackware httpd-2.2.15-x86_64-1_slack13.0.txz
    ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.15-x86_64-1_slack13.0.txz
Slackware Linux 12.1
  * Slackware httpd-2.2.15-i486-1_slack12.1.tgz
    ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.15-i486-1_slack12.1.tgz
Slackware Linux 13.0
  * Slackware httpd-2.2.15-i486-1_slack13.0.txz
    ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.15-i486-1_slack13.0.txz

id | SSV:19282 |
last seen | 2017-11-19 |
modified | 2010-03-17 |
published | 2010-03-17 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-19282 |
title | Apache 'mod_isapi' Memory Corruption Vulnerability |
References
- http://svn.apache.org/viewvc?view=revision&revision=917870
- http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870
- http://www.securityfocus.com/bid/38494
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870
- http://www.senseofsecurity.com.au/advisories/SOS-10-002
- http://httpd.apache.org/security/vulnerabilities_22.html
- http://www.securitytracker.com/id?1023701
- http://www.vupen.com/english/advisories/2010/0634
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447
- http://www.kb.cert.org/vuls/id/280613
- http://httpd.apache.org/security/vulnerabilities_20.html
- http://secunia.com/advisories/38978
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
- http://secunia.com/advisories/39628
- http://www.vupen.com/english/advisories/2010/0994
- http://lists.vmware.com/pipermail/security-announce/2010/000105.html
- http://www.vmware.com/security/advisories/VMSA-2010-0014.html
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56624
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439
- https://www.exploit-db.com/exploits/11650
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E