CVE-2010-0425

EUVD-2010-0456
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 10 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:C/I:C/A:C |

EPSS Score percentile: 99%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| ibm | websphere_application_server | 6.1 ≤ 𝑥 < 6.1.0.31 |
| apache | http_server | 2.0.37 ≤ 𝑥 < 2.0.64 |
| apache | http_server | 2.2.0 ≤ 𝑥 < 2.2.15 |
| apache | http_server | 2.3.0 ≤ 𝑥 < 2.3.7 |
| ibm | http_server | 6.0.2 |
| ibm | http_server | 6.0.2.1 |
| ibm | http_server | 6.0.2.3 |
| ibm | http_server | 6.0.2.7 |
| ibm | http_server | 6.0.2.9 |
| ibm | http_server | 6.0.2.11 |
| ibm | http_server | 6.0.2.13 |
| ibm | http_server | 6.0.2.15 |
| ibm | http_server | 6.0.2.19 |
| ibm | http_server | 6.0.2.21 |
| ibm | http_server | 6.0.2.23 |
| ibm | http_server | 6.0.2.25 |
| ibm | http_server | 6.0.2.27 |
| ibm | http_server | 6.0.2.29 |
| ibm | http_server | 6.0.2.31 |
| ibm | http_server | 6.0.2.33 |
| ibm | http_server | 6.0.2.35 |
| ibm | http_server | 6.0.2.37 |
| ibm | http_server | 6.0.2.39 |
| ibm | http_server | 6.1 |
| ibm | http_server | 6.1.0.2 |
| ibm | http_server | 6.1.0.3 |
| ibm | http_server | 6.1.0.5 |
| ibm | http_server | 6.1.0.7 |
| ibm | http_server | 6.1.0.9 |
| ibm | http_server | 6.1.0.11 |
| ibm | http_server | 6.1.0.13 |
| ibm | http_server | 6.1.0.15 |
| ibm | http_server | 6.1.0.17 |
| ibm | http_server | 6.1.0.19 |
| ibm | http_server | 6.1.0.21 |
| ibm | http_server | 6.1.0.23 |
| ibm | http_server | 6.1.0.25 |
| ibm | http_server | 6.1.0.27 |
| ibm | http_server | 6.1.0.29 |
| oracle | http_server | 10.1.3.5.0 |
| broadcom | vmware_ace_management_server | 𝑥 < 2.7.2 |

𝑥 = Vulnerable software versions

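Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| apache2 | bookworm | 2.4.62-1~deb12u1 | fixed |
| apache2 | bookworm (security) | 2.4.62-1~deb12u2 | fixed |
| apache2 | bullseye | 2.4.62-1~deb11u1 | fixed |
| apache2 | bullseye (security) | 2.4.62-1~deb11u2 | fixed |
| apache2 | sid | 2.4.62-3 | fixed |
| apache2 | trixie | 2.4.62-3 | fixed |
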
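Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| apache2 | dapper | not-affected |
| apache2 | hardy | not-affected |
| apache2 | intrepid | not-affected |
| apache2 | jaunty | not-affected |
| apache2 | karmic | not-affected |
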
References