CVE-2010-0408
Published Mar 5, 2010
Last updated a year ago
Overview
- Description
- The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/703.html CWE-703: Failure to Handle Exceptional Conditions
- Impact
- Per: http://httpd.apache.org/security/vulnerabilities_22.html Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
- Solution
- Per: http://httpd.apache.org/security/vulnerabilities_22.html Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACBC75F8-C1AF-45AE-91BA-5670EF2D0DCD"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531"
}
],
"operator": "OR"
}
]
}
]