CVE-2010-0010
Published Feb 2, 2010
Last updated a year ago
Overview
- Description
- Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-189
Vendor comments
- Red HatThis issue does not affect the Apache HTTP Server versions 2 and greater. This flaw does not affect any supported versions of Red Hat Enterprise Linux. This flaw does affect Red Hat Network Proxy and Red Hat Network Satellite. While those products do not use this feature, we are tracking the issue with the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0010
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F5D3D03-D7FD-4A03-A5E2-866BEFA04900",
"versionEndIncluding": "1.3.41"
},
{
"criteria": "cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E80E240C-9879-48EC-AC9A-2C1FD5E2DD8E"
},
{
"criteria": "cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF16AF7D-9475-435F-AE36-F16CE8F45A75"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06F3141B-2C30-4230-A425-465E235539EE"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5EA86B9-4F86-4ADA-BC6A-4F6E261848F6"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA6523AC-ECC9-4A79-9387-18308FCF9A68"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDCBCF0F-63FB-4A03-92F8-FF121083CD85"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AB1AA4A-DF05-445A-858F-39A9CC2892A8"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "911D0BDC-DE99-4E7A-B36C-78D0FB34B53C"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB26F3B0-04F8-43C1-9136-B85932F1C2F1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9B1553E-7F42-4418-9D33-862E1DB0BD8C"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9B12229-3F9E-469C-8AD6-7E43FA45B876"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "691D7D29-420E-4ABC-844F-D5DD401598F1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F715F8CB-A473-4374-8CF1-E9D74EBA5E8F"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06F447C8-15FE-44DE-86AD-5E2D496AB2A6"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4955E57-9C5D-40C2-BD5F-A383FF3C33FB"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B67BD173-8517-4E97-BC65-D9657C63601A"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B392A96F-FD2F-4073-8EED-EB31E1F20FE4"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E130104B-86F5-411E-8AC0-9B4B780BCA00"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E62E621-74DA-4D99-A79C-AD2B85896A2B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C577188-BD56-4571-A61A-1684DC9E9DD9"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B3A4CD9-1E96-4D3B-938D-F2D15855B0DD"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65AD2A8B-2BCA-4CE5-A03C-BFC07DF52EDC"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4058CE14-1CC8-42FD-A6BD-6869C1610E57"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0716E399-A5FE-4C49-BC48-CD97C03997A7"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE672251-C99E-49B7-9526-E535E3EE313A"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD08A86E-B2B6-4BE3-8514-E1940340C60A"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "814644C7-EECB-4006-BBDC-9AF0AF56098B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42941901-B01D-4F12-AB7F-48A7F9BB4800"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0028C6B6-B65C-4878-BA7E-E1ABCED5202C"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52820C56-B1AA-4D07-BC92-648EC4813D5B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31D3FBB6-3CFE-4B34-8516-AC18FA9E6B72"
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA12FF1A-428B-4E71-9A03-102186EFC014"
}
],
"operator": "OR"
}
]
}
]