Executive Summary

Informations
NameCVE-2010-0010First vendor Publication2010-02-02
VendorCveLast vendor Modification2011-09-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7923
 
Oval ID: oval:org.mitre.oval:def:7923
Title: Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
Description: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0010
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Apache
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application46

OpenVAS Exploits

DateDescription
2010-02-10Name : FreeBSD Ports: apache
File : nvt/freebsd_apache16.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
62009Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb(...

Nessus® Vulnerability Scanner

DateDescription
2012-04-23Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12609.nasl - Type : ACT_GATHER_INFO
2010-02-11Name : The remote web server may be affected by an integer overflow vulnerability.
File : apache_1_3_42.nasl - Type : ACT_GATHER_INFO
2010-02-04Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_cae01d7b110d11df955a00219b0fc4d8.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/37966
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/509185/100/0/threaded
CONFIRMhttp://httpd.apache.org/dev/dist/CHANGES_1.3.42
FULLDISChttp://archives.neohapsis.com/archives/fulldisclosure/2010-01/0589.html
HPhttp://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
MISChttp://blog.pi3.com.pl/?p=69
http://packetstormsecurity.org/1001-exploits/modproxy-overflow.txt
http://site.pi3.com.pl/adv/mod_proxy.txt
SECTRACKhttp://www.securitytracker.com/id?1023533
SECUNIAhttp://secunia.com/advisories/38319
http://secunia.com/advisories/39656
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
VUPENhttp://www.vupen.com/english/advisories/2010/0240
http://www.vupen.com/english/advisories/2010/1001
XFhttp://xforce.iss.net/xforce/xfdb/55941

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:53:01
  • Multiple Updates
2013-05-10 23:12:58
  • Multiple Updates