CVE-2010-0408

Published Mar 5, 2010

Last updated a year ago

CVSS info 5.0

Overview

Description: The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/703.html CWE-703: Failure to Handle Exceptional Conditions
Impact: Per: http://httpd.apache.org/security/vulnerabilities_22.html Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
Solution: Per: http://httpd.apache.org/security/vulnerabilities_22.html Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACBC75F8-C1AF-45AE-91BA-5670EF2D0DCD"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947"
          },
          {
            "criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References