CVE-2010-0408

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
apachehttp_server
2.2
apachehttp_server
2.2.0
apachehttp_server
2.2.2
apachehttp_server
2.2.3
apachehttp_server
2.2.4
apachehttp_server
2.2.6
apachehttp_server
2.2.8
apachehttp_server
2.2.9
apachehttp_server
2.2.11
apachehttp_server
2.2.12
apachehttp_server
2.2.13
apachehttp_server
2.2.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bullseye
2.4.62-1~deb11u1
fixed
lenny
no-dsa
bullseye (security)
2.4.62-1~deb11u2
fixed
bookworm
2.4.62-1~deb12u1
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
sid
2.4.62-3
fixed
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
karmic
Fixed 2.2.12-1ubuntu2.2
released
jaunty
Fixed 2.2.11-2ubuntu2.6
released
intrepid
Fixed 2.2.9-7ubuntu3.6
released
hardy
Fixed 2.2.8-1ubuntu0.15
released
dapper
not-affected
References