CVE-2010-0434 - Information Exposure vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values: The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting: An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently), it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible): An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting: An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the version of the browser, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction: This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20100325_HTTPD_ON_SL4_X.NASL |
description | CVE-2010-0434 httpd: request header information leak A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other requests in request replies. (CVE-2010-0434) This update also fixes the following bug : - a bug was found in the mod_dav module. If a PUT request for an existing file failed, that file would be unexpectedly deleted and a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60753 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60753 |
title | Scientific Linux Security Update : httpd on SL4.x i386/x86_64 |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

# Plugin metadata block.
if (description)
{
  script_id(60753);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:18");

  script_cve_id("CVE-2010-0434");

  script_name(english:"Scientific Linux Security Update : httpd on SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"CVE-2010-0434 httpd: request header information leak

A use-after-free flaw was discovered in the way the Apache HTTP Server
handled request headers in subrequests. In configurations where
subrequests are used, a multithreaded MPM (Multi-Processing Module)
could possibly leak information from other requests in request
replies. (CVE-2010-0434)

This update also fixes the following bug :

  - a bug was found in the mod_dav module. If a PUT request
    for an existing file failed, that file would be
    unexpectedly deleted and a 'Could not get next bucket
    brigade' error logged. With this update, failed PUT
    requests no longer cause mod_dav to delete files, which
    resolves this issue. (BZ#572932)

As well, this update adds the following enhancement :

  - with the updated openssl packages from RHSA-2010:0163
    installed, mod_ssl will refuse to renegotiate a TLS/SSL
    connection with an unpatched client that does not
    support RFC 5746. This update adds the
    'SSLInsecureRenegotiation' configuration directive. If
    this directive is enabled, mod_ssl will renegotiate
    insecurely with unpatched clients. (BZ#575805)

Refer to the following Red Hat Knowledgebase article for more details
about the changed mod_ssl behavior:
http://kbase.redhat.com/faq/docs/DOC-20491

After installing the updated packages, the httpd daemon must be
restarted for the update to take effect."
  );
  # http://kbase.redhat.com/faq/docs/DOC-20491
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/articles/20490"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=572932"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=575805"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1003&L=scientific-linux-errata&T=0&P=2999
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?abc24617"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_cwe_id(200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, Scientific Linux host, package list and supported CPU available.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# Compare each installed package against the fixed package version.
flag = 0;
if (rpm_check(release:"SL4", reference:"httpd-2.0.52-41.sl4.7")) flag++;
if (rpm_check(release:"SL4", reference:"httpd-devel-2.0.52-41.sl4.7")) flag++;
if (rpm_check(release:"SL4", reference:"httpd-manual-2.0.52-41.sl4.7")) flag++;
if (rpm_check(release:"SL4", reference:"httpd-suexec-2.0.52-41.sl4.7")) flag++;
if (rpm_check(release:"SL4", reference:"mod_ssl-2.0.52-41.sl4.7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2010-0168.NASL |
description | Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45367 |
published | 2010-03-29 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45367 |
title | CentOS 5 : httpd (CESA-2010:0168) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2010-0168.NASL |
description | From Red Hat Security Advisory 2010:0168 : Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68022 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68022 |
title | Oracle Linux 5 : httpd (ELSA-2010-0168) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_6_5.NASL |
description | The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 50548 |
published | 2010-11-10 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/50548 |
title | Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities |

NASL family | Web Servers |
NASL id | APACHE_2_2_15.NASL |
description | According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. (CVE-2009-3555) - The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45004 |
published | 2010-10-20 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45004 |
title | Apache 2.2.x < 2.2.15 Multiple Vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_2_APACHE2-100413.NASL |
description | When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46011 |
published | 2010-04-27 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46011 |
title | openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201206-25.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201206-25 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59678 |
published | 2012-06-25 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/59678 |
title | GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-2035.NASL |
description | Two issues have been found in the Apache HTTPD web server : - CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. - CVE-2010-0434 A flaw in the core subrequest process code was found, which could lead to a daemon crash (segfault) or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45557 |
published | 2010-04-19 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45557 |
title | Debian DSA-2035-1 : apache2 - multiple issues |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2010-0175.NASL |
description | Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other requests in request replies. (CVE-2010-0434) This update also fixes the following bug : * a bug was found in the mod_dav module. If a PUT request for an existing file failed, that file would be unexpectedly deleted and a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45368 |
published | 2010-03-29 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45368 |
title | CentOS 4 : httpd (CESA-2010:0175) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2010-057.NASL |
description | A vulnerability has been found and corrected in apache : The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request (CVE-2010-0434). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44997 |
published | 2010-03-08 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/44997 |
title | Mandriva Linux Security Advisory : apache (MDVSA-2010:057) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-5942.NASL |
description | The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ( |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47408 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47408 |
title | Fedora 13 : httpd-2.2.15-1.fc13 (2010-5942) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2010-0175.NASL |
description | From Red Hat Security Advisory 2010:0175 : Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other requests in request replies. (CVE-2010-0434) This update also fixes the following bug : * a bug was found in the mod_dav module. If a PUT request for an existing file failed, that file would be unexpectedly deleted and a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68024 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68024 |
title | Oracle Linux 4 : httpd (ELSA-2010-0175) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-908-1.NASL |
description | It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45037 |
published | 2010-03-11 |
reporter | Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/45037 |
title | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : apache2 vulnerabilities (USN-908-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_1_APACHE2-100413.NASL |
description | When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46009 |
published | 2010-04-27 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46009 |
title | openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-6055.NASL |
description | The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ( |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47412 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/47412 |
title | Fedora 12 : httpd-2.2.15-1.fc12.2 (2010-6055) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_APACHE2-6984.NASL |
description | The following bugs have been fixed : When using a multi-threaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp. (CVE-2010-0408) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46013 |
published | 2010-04-27 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/46013 |
title | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6984) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-6131.NASL |
description | The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ( |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47417 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47417 |
title | Fedora 11 : httpd-2.2.15-1.fc11.1 (2010-6131) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_APACHE2-6987.NASL |
description | The following bugs have been fixed : When using a multi-threaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp. (CVE-2010-0408) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 49827 |
published | 2010-10-11 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/49827 |
title | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6987) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_APACHE2-100413.NASL |
description | The following bugs have been fixed : - When using a multithreaded MPM Apache could leak memory of requests handled by a different thread when processing subrequests. (CVE-2010-0434) - Specially crafted requests could crash mod_proxy_ajp. (CVE-2010-0408) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 50889 |
published | 2010-12-02 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/50889 |
title | SuSE 11 Security Update : Apache 2 (SAT Patch Number 2293) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2010-0175.NASL |
description | Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Apache HTTP Server is a popular web server. A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other requests in request replies. (CVE-2010-0434) This update also fixes the following bug : * a bug was found in the mod_dav module. If a PUT request for an existing file failed, that file would be unexpectedly deleted and a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46281 |
published | 2010-05-11 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46281 |
title | RHEL 4 : httpd (RHSA-2010:0175) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2010-0168.NASL |
description | Updated httpd packages that fix two security issues and add an enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46279 |
published | 2010-05-11 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46279 |
title | RHEL 5 : httpd (RHSA-2010:0168) |

NASL family | Web Servers |
NASL id | ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL |
description | According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69301 |
published | 2013-08-11 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69301 |
title | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20100325_HTTPD_ON_SL5_X.NASL |
description | CVE-2010-0408 httpd: mod_proxy_ajp remote temporary DoS CVE-2010-0434 httpd: request header information leak It was discovered that mod_proxy_ajp incorrectly returned an |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60754 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60754 |
title | Scientific Linux Security Update : httpd on SL5.x i386/x86_64 |

NASL family | Web Servers |
NASL id | APACHE_2_0_64.NASL |
description | According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 50069 |
published | 2010-10-20 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/50069 |
title | Apache 2.0.x < 2.0.64 Multiple Vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_APACHE2-100413.NASL |
description | When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests (CVE-2010-0434). Specially crafted requests could crash mod_proxy_ajp (CVE-2010-0408). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46006 |
published | 2010-04-27 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46006 |
title | openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1) |
Oval
accepted | 2013-04-29T04:04:57.872-04:00 |
class | vulnerability |
contributors | Aharon Chernin (SCAP.com, LLC); Dragos Prisaca (G2, Inc.) |
definition_extensions |
- The operating system installed on the system is Red Hat Enterprise Linux 4 (oval:org.mitre.oval:def:11831)
- CentOS Linux 4.x (oval:org.mitre.oval:def:16636)
- Oracle Linux 4.x (oval:org.mitre.oval:def:15990)
- The operating system installed on the system is Red Hat Enterprise Linux 5 (oval:org.mitre.oval:def:11414)
- The operating system installed on the system is CentOS Linux 5.x (oval:org.mitre.oval:def:15802)
- Oracle Linux 5.x (oval:org.mitre.oval:def:15459)
description | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. |
family | unix |
id | oval:org.mitre.oval:def:10358 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. |
version | 27 |

accepted | 2014-07-14T04:01:31.358-04:00 |
class | vulnerability |
contributors | J. Daniel Brown (DTCC); Mike Lah (The MITRE Corporation); Shane Shaffer (G2, Inc.); Maria Mikhno (ALTX-SOFT) |
definition_extensions |
- Apache HTTP Server 2.2.x is installed on the system (oval:org.mitre.oval:def:8550)
description | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. |
family | windows |
id | oval:org.mitre.oval:def:8695 |
status | accepted |
submitted | 2010-03-04T17:30:00.000-05:00 |
title | Apache HTTP Server request header information disclosure |
version | 11 |
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
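description | BUGTRAQ ID: 38580 CVE(CAN) ID: CVE-2010-0434 Apache HTTP Server is a popular web server. When a multithreaded MPM is used, the ap_read_request function in the server/protocol.c file of the Apache HTTP Server does not correctly handle subrequests, which may allow remote attackers to read sensitive information from requests handled by other threads. Apache Group Apache 2.2.x Vendor patch: Apache Group ------------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://svn.apache.org/viewvc?view=revision&revision=918427 http://svn.apache.org/viewvc?view=revision&revision=917867 |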
id | SSV:19320 |
last seen | 2017-11-19 |
modified | 2010-03-23 |
published | 2010-03-23 |
reporter | Root |
title | Apache 2.2.x subrequest handling information disclosure vulnerability |
Statements
contributor | Vincent Danen |
lastmodified | 2010-04-13 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0434 This issue was fixed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0168.html This issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2010-0175.html The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw on Red Hat Enterprise Linux 3. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
References
- http://svn.apache.org/viewvc?view=revision&revision=918427
- https://bugzilla.redhat.com/show_bug.cgi?id=570171
- http://www.securityfocus.com/bid/38494
- http://svn.apache.org/viewvc?view=revision&revision=917867
- https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
- http://httpd.apache.org/security/vulnerabilities_22.html
- http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?r1=917617&r2=917867&pathrev=917867&diff_format=h
- http://www.redhat.com/support/errata/RHSA-2010-0168.html
- http://www.redhat.com/support/errata/RHSA-2010-0175.html
- http://secunia.com/advisories/39628
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
- http://secunia.com/advisories/39501
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
- http://www.vupen.com/english/advisories/2010/1057
- http://secunia.com/advisories/39632
- http://www.vupen.com/english/advisories/2010/0911
- http://www.vupen.com/english/advisories/2010/0994
- http://www.debian.org/security/2010/dsa-2035
- http://www.vupen.com/english/advisories/2010/1001
- http://secunia.com/advisories/39656
- http://secunia.com/advisories/40096
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939
- http://www.vupen.com/english/advisories/2010/1411
- http://secunia.com/advisories/39100
- http://secunia.com/advisories/39115
- http://lists.vmware.com/pipermail/security-announce/2010/000105.html
- http://www.vmware.com/security/advisories/VMSA-2010-0014.html
- http://support.apple.com/kb/HT4435
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- http://marc.info/?l=bugtraq&m=127557640302499&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56625
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8695
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10358
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E