Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable5356.PRM
HistoryMar 08, 2010 - 12:00 a.m.

Apache < 2.2.15 Multiple Vulnerabilities

2010-03-0800:00:00
Tenable
www.tenable.com
33

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities :

  • A TLS renegotiation prefix attack is possible. (CVE-2009-3555)

  • The ‘mod_proxy_ajp’ module returns the wrong status code if it encounters an error which causes the back-end server to be put into an error state. (CVE-2010-0408)

  • The ‘mod_isapi’ module attempts to unload the ‘ISAPI.DLL’ when it encounters various error states which could leave call-backs in an undefined state. (CVE-2010-0425)

  • A flaw in the core sub-request process code can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded environment is used. (CVE-2010-0434)

Binary data 5356.prm
VendorProductVersionCPE
apachehttp_server2.2cpe:/a:apache:http_server:2.2

Related

nessus 53
openvas 58
fedora 7
slackware 2
redhat 4
debian 4
osv 1
oraclelinux 3
ubuntu 4
centos 4
altlinux 4
cert 1
nvd 4
exploitdb 1
seebug 6
cvelist 4
securityvulns 7
checkpoint_advisories 1
httpd 5
debiancve 3
cve 3
exploitpack 1
packetstorm 1
veracode 3
ubuntucve 3
prion 3
f5 4
fortinet 1
hackerone 1
cisco 1
mozilla 1
suse 1
nessus
nessus
Apache < 2.2.15 Multiple Vulnerabilities
2010-03-08 00:00:00
Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
2010-10-20 00:00:00
Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)
2010-03-09 00:00:00
openvas
openvas
Fedora Update for httpd FEDORA-2010-6055
2010-06-07 00:00:00
Slackware: Security Advisory (SSA:2010-067-01)
2012-09-10 00:00:00
Fedora Update for httpd FEDORA-2010-6055
2010-06-07 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: httpd-2.2.15-1.fc12.2
2010-05-31 18:25:29
[SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1
2010-05-04 06:06:43
[SECURITY] Fedora 13 Update: httpd-2.2.15-1.fc13
2010-04-22 22:51:41
slackware
slackware
[slackware-security] httpd
2010-03-08 22:39:33
openssl
2009-11-16 13:42:36
redhat
redhat
(RHSA-2010:0396) Moderate: httpd and httpd22 security and enhancement update
2010-05-05 00:00:00
(RHSA-2010:0168) Moderate: httpd security and enhancement update
2010-03-25 00:00:00
(RHSA-2010:0175) Low: httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
debian
debian
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
2010-04-17 20:58:14
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
2010-04-17 20:58:14
[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
2011-01-05 23:21:00
osv
osv
apache2 - several issues
2010-04-17 00:00:00
oraclelinux
oraclelinux
httpd security and enhancement update
2010-03-25 00:00:00
httpd security, bug fix, and enhancement update
2010-03-25 00:00:00
openssl097a security update
2010-03-25 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2010-03-10 00:00:00
nss vulnerability
2010-06-29 00:00:00
NSS vulnerability
2010-07-23 00:00:00
centos
centos
httpd, mod_ssl security update
2010-03-28 15:40:00
httpd, mod_ssl security update
2010-03-28 20:51:15
nspr, nss security update
2010-03-28 15:36:50
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
cert
cert
Apache mod_isapi module library unload results in orphaned callback pointers
2010-03-11 00:00:00
nvd
nvd
CVE-2010-0425
2010-03-05 19:30:00
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
exploitdb
exploitdb
Write-to-file Shellcode Win32
2010-07-09 00:00:00
seebug
seebug
Write-to-file Shellcode (Win32)
2014-07-01 00:00:00
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
2010-03-07 00:00:00
Apache 'mod_isapi' Memory Corruption Vulnerability
2010-03-17 00:00:00
cvelist
cvelist
CVE-2010-0425
2010-03-05 19:00:00
CVE-2010-0434
2010-03-05 19:00:00
CVE-2009-3555
2009-11-09 17:00:00
securityvulns
securityvulns
Apache mod_isapi uninitialized pointer function call
2010-03-11 00:00:00
Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002
2010-03-11 00:00:00
[ MDVSA-2010:057 ] apache
2010-03-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution (CVE-2010-0425)
2010-05-24 00:00:00
httpd
httpd
Apache Httpd < 2.2.15 : mod_isapi module unload flaw
2010-02-09 00:00:00
Apache Httpd < 2.0.64 : mod_isapi module unload flaw
2010-02-09 00:00:00
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
2009-12-09 00:00:00
debiancve
debiancve
CVE-2010-0425
2010-03-05 19:30:00
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
cve
cve
CVE-2010-0425
2010-03-05 19:30:00
CVE-2010-0434
2010-03-05 19:30:00
CVE-2010-0408
2010-03-05 16:30:00
exploitpack
exploitpack
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
2010-03-07 00:00:00
packetstorm
packetstorm
Apache 2.2.14 mod_isapi Remote SYSTEM Exploit
2010-03-06 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:47:47
Denial Of Service (DoS)
2020-04-10 00:47:47
Man-in-the-Middle (MitM)
2020-04-10 00:36:56
ubuntucve
ubuntucve
CVE-2010-0434
2010-03-05 00:00:00
CVE-2010-0425
2010-03-05 00:00:00
CVE-2010-0408
2010-03-05 00:00:00
prion
prion
Design/Logic Flaw
2010-03-05 19:30:00
Design/Logic Flaw
2010-03-05 19:30:00
Design/Logic Flaw
2010-03-05 16:30:00
f5
f5
K40284849 : Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
SOL40284849 - Apache vulnerability CVE-2010-0434
2015-12-23 00:00:00
K52470083 : Apache vulnerability CVE-2010-0408
2015-12-23 00:00:00
fortinet
fortinet
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
2017-11-03 00:00:00
hackerone
hackerone
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
suse
suse
man-in-the-middle attack in openssl
2009-11-18 09:50:39

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON
Related for 5356.PRM
nessus53openvas58fedora7slackware2redhat4debian4osv1oraclelinux3ubuntu4centos4altlinux4cert1nvd4exploitdb1seebug6cvelist4securityvulns7checkpoint_advisories1httpd5debiancve3cve3exploitpack1packetstorm1veracode3ubuntucve3prion3f54fortinet1hackerone1cisco1mozilla1suse1