Overview
- Description
- Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-399
Social media
- Hype score
- Not currently trending
Vendor comments
- Red Hatmod_proxy_balancer is included in the version of Apache HTTP Server as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack v2. Red Hat was unable to reproduce this issue.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D623D8C0-65D2-4269-A1D4-5CB3899F44C8"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]