CVE-2010-0408

Severity

50%

Complexity

99%

Confidentiality

48%

Per: http://cwe.mitre.org/data/definitions/703.html CWE-703: Failure to Handle Exceptional Conditions

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

Per: http://httpd.apache.org/security/vulnerabilities_22.html Affects: 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 14 years ago

2010-03-05 16:30:00

Last updated 6 years ago

2018-10-30 16:25:00

Affected Software

Apache Software Foundation Apache HTTP Server

Apache Software Foundation Apache HTTP Server 2.2

Apache Software Foundation Apache HTTP Server 2.2.0

Apache Software Foundation Apache HTTP Server 2.2.2

Apache Software Foundation Apache HTTP Server 2.2.3

Apache Software Foundation Apache HTTP Server 2.2.4

Apache Software Foundation Apache HTTP Server 2.2.6

Apache Software Foundation Apache HTTP Server 2.2.8

Apache Software Foundation Apache HTTP Server 2.2.9

Apache Software Foundation Apache HTTP Server 2.2.11

Apache Software Foundation Apache HTTP Server 2.2.12

Apache Software Foundation Apache HTTP Server 2.2.13

Apache Software Foundation Apache HTTP Server 2.2.14

References

http://httpd.apache.org/security/vulnerabilities_22.html

Patch, Vendor Advisory

APPLE-SA-2010-11-10-1

FEDORA-2010-5942

FEDORA-2010-6131

SUSE-SR:2010:010

SSRT100108

39100

39501

39628

39632

39656

40096

http://support.apple.com/kb/HT4435

http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876

Patch

http://svn.apache.org/viewvc?view=revision&revision=917876

DSA-2035

MDVSA-2010:053

MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

RHSA-2010:0168

38491

ADV-2010-0911

ADV-2010-0994

ADV-2010-1001

ADV-2010-1057

ADV-2010-1411

PM08939

PM12247

PM15829

https://bugzilla.redhat.com/show_bug.cgi?id=569905

[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:8619

oval:org.mitre.oval:def:9935
