CVE-2010-0010

 

Published at: - 02-02-2010 05:30

Last modified: - 30-06-2022 05:18

Total changes: - 4

Description

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• http://site.pi3.com.pl/adv/mod_proxy.txt
• http://blog.pi3.com.pl/?p=69
• http://httpd.apache.org/dev/dist/CHANGES_1.3.42
• 38319-Vendor Advisory
• ADV-2010-0240-Vendor Advisory
• http://packetstormsecurity.org/1001-exploits/modproxy-overflow.txt
• 20100127 Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.-Exploit
• 37966-Exploit
• 1023533-
• SUSE-SR:2010:010-
• 39656-
• ADV-2010-1001-
• SSRT090208-
• modproxy-approxysendfb-bo(55941)-
• oval:org.mitre.oval:def:7923-
• 20100127 Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.-
• [httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/-
• [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-
• [httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-
• [httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-
• [httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-

 

Keywords

NVD

 

CVE-2010-0010

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures