Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2010-0425
HistoryMar 05, 2010 - 7:30 p.m.

CVE-2010-0425

2010-03-0519:30:00
[email protected]
web.nvd.nist.gov
1

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.973 High

EPSS

Percentile

99.9%

JSON

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and “orphaned callback pointers.”

Affected configurations

NVD
Node
apachehttp_serverMatch2.3.0
OR
apachehttp_serverMatch2.3.1
OR
apachehttp_serverMatch2.3.2
OR
apachehttp_serverMatch2.3.3
OR
apachehttp_serverMatch2.3.4
OR
apachehttp_serverMatch2.3.5
OR
apachehttp_serverMatch2.3.6
AND
microsoftwindows
Node
apachehttp_serverMatch2.0.9
OR
apachehttp_serverMatch2.0.28
OR
apachehttp_serverMatch2.0.28beta
OR
apachehttp_serverMatch2.0.32
OR
apachehttp_serverMatch2.0.32beta
OR
apachehttp_serverMatch2.0.34beta
OR
apachehttp_serverMatch2.0.35
OR
apachehttp_serverMatch2.0.36
OR
apachehttp_serverMatch2.0.37
OR
apachehttp_serverMatch2.0.38
OR
apachehttp_serverMatch2.0.39
OR
apachehttp_serverMatch2.0.40
OR
apachehttp_serverMatch2.0.41
OR
apachehttp_serverMatch2.0.42
OR
apachehttp_serverMatch2.0.43
OR
apachehttp_serverMatch2.0.44
OR
apachehttp_serverMatch2.0.45
OR
apachehttp_serverMatch2.0.46
OR
apachehttp_serverMatch2.0.47
OR
apachehttp_serverMatch2.0.48
OR
apachehttp_serverMatch2.0.49
OR
apachehttp_serverMatch2.0.50
OR
apachehttp_serverMatch2.0.51
OR
apachehttp_serverMatch2.0.52
OR
apachehttp_serverMatch2.0.53
OR
apachehttp_serverMatch2.0.54
OR
apachehttp_serverMatch2.0.55
OR
apachehttp_serverMatch2.0.56
OR
apachehttp_serverMatch2.0.57
OR
apachehttp_serverMatch2.0.58
OR
apachehttp_serverMatch2.0.59
OR
apachehttp_serverMatch2.0.60
OR
apachehttp_serverMatch2.0.61
OR
apachehttp_serverMatch2.0.63
AND
microsoftwindows
Node
apachehttp_serverMatch-
OR
apachehttp_serverMatch2.2.0
OR
apachehttp_serverMatch2.2.1
OR
apachehttp_serverMatch2.2.2
OR
apachehttp_serverMatch2.2.3
OR
apachehttp_serverMatch2.2.4
OR
apachehttp_serverMatch2.2.6
OR
apachehttp_serverMatch2.2.7
OR
apachehttp_serverMatch2.2.8
OR
apachehttp_serverMatch2.2.9
OR
apachehttp_serverMatch2.2.10
OR
apachehttp_serverMatch2.2.11
OR
apachehttp_serverMatch2.2.12
OR
apachehttp_serverMatch2.2.13
OR
apachehttp_serverMatch2.2.14
AND
microsoftwindows

References

Related

cvelist 1
securityvulns 3
checkpoint_advisories 1
httpd 2
debiancve 1
cve 1
seebug 3
exploitpack 1
packetstorm 1
cert 1
exploitdb 2
prion 1
ubuntucve 1
slackware 1
openvas 5
nessus 8
altlinux 3
vmware 2
kaspersky 2
oracle 1
cvelist
cvelist
CVE-2010-0425
2010-03-05 19:00:00
securityvulns
securityvulns
Apache mod_isapi uninitialized pointer function call
2010-03-11 00:00:00
Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002
2010-03-11 00:00:00
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-08-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution (CVE-2010-0425)
2010-05-24 00:00:00
httpd
httpd
Apache Httpd < 2.2.15 : mod_isapi module unload flaw
2010-02-09 00:00:00
Apache Httpd < 2.0.64 : mod_isapi module unload flaw
2010-02-09 00:00:00
debiancve
debiancve
CVE-2010-0425
2010-03-05 19:30:00
cve
cve
CVE-2010-0425
2010-03-05 19:30:00
seebug
seebug
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
2010-03-07 00:00:00
Apache 'mod_isapi' Memory Corruption Vulnerability
2010-03-17 00:00:00
Write-to-file Shellcode (Win32)
2014-07-01 00:00:00
exploitpack
exploitpack
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
2010-03-07 00:00:00
packetstorm
packetstorm
Apache 2.2.14 mod_isapi Remote SYSTEM Exploit
2010-03-06 00:00:00
cert
cert
Apache mod_isapi module library unload results in orphaned callback pointers
2010-03-11 00:00:00
exploitdb
exploitdb
Write-to-file Shellcode Win32
2010-07-09 00:00:00
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
2010-03-07 00:00:00
prion
prion
Design/Logic Flaw
2010-03-05 19:30:00
ubuntucve
ubuntucve
CVE-2010-0425
2010-03-05 00:00:00
slackware
slackware
[slackware-security] httpd
2010-03-08 22:39:33
openvas
openvas
Slackware: Security Advisory (SSA:2010-067-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2010-067-01 httpd
2012-09-11 00:00:00
Apache HTTP Server Multiple Security Vulnerabilities
2010-03-04 00:00:00
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)
2010-03-09 00:00:00
Apache < 2.2.15 Multiple Vulnerabilities
2010-03-08 00:00:00
Apache < 2.2.15 Multiple Vulnerabilities
2010-03-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.16-alt1
2010-09-16 00:00:00
vmware
vmware
VMware Workstation, Player, and ACE address several security issues.
2010-09-23 00:00:00
VMware Workstation, Player, and ACE address several security issues.
2010-09-23 00:00:00
kaspersky
kaspersky
KLA10386 Multiple vulnerabilities in VMware
2010-09-23 00:00:00
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.973 High

EPSS

Percentile

99.9%

JSON
Related for NVD:CVE-2010-0425
cvelist1securityvulns3checkpoint_advisories1httpd2debiancve1cve1seebug3exploitpack1packetstorm1cert1exploitdb2prion1ubuntucve1slackware1openvas5nessus8altlinux3vmware2kaspersky2oracle1