10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities :
A TLS renegotiation prefix attack is possible. (CVE-2009-3555)
The ‘mod_proxy_ajp’ module returns the wrong status code if it encounters an error which causes the back-end server to be put into an error state. (CVE-2010-0408)
The ‘mod_isapi’ module attempts to unload the ‘ISAPI.DLL’ when it encounters various error states which could leave call-backs in an undefined state. (CVE-2010-0425)
A flaw in the core sub-request process code can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded environment is used. (CVE-2010-0434)
Binary data 5356.prm
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | 2.2 | cpe:/a:apache:http_server:2.2 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434
httpd.apache.org/security/vulnerabilities_22.html
archive.apache.org/dist/httpd/CHANGES_2.2.15
issues.apache.org/bugzilla/show_bug.cgi?id=48359