Executive Summary
Summary | |
---|---|
Title | Apache mod_isapi module library unload results in orphaned callback pointers |
Informations | |||
---|---|---|---|
Name | VU#280613 | First vendor Publication | 2010-03-11 |
Vendor | VU-CERT | Last vendor Modification | 2010-03-11 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#280613Apache mod_isapi module library unload results in orphaned callback pointersOverviewThe Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code.I. DescriptionThe Apache HTTP server running on Windows platforms contains a flaw in mod_isapi which could enable an attacker to unload ISAPI.dll before request processing is complete. An attacker can send a specially-crafted request and RESET packet to the server, resulting in ISAPI.dll being unloaded. Additional requests can result in memory corruption.This vulnerability affects Apache httpd versions 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0, 2.0.63, 2.0.61, 2.0.59, 2.0.58, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, and 2.0.37. The Apache Software Foundation has released httpd 2.2.15 and 2.0.64-dev, which address this and other issues. Updates can be found on the Apache httpd website.
References
Apache credits Brett Gervasoni of Sense of Security for reporting the issue. This document was written by David Warren.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/280613 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8439 | |||
Oval ID: | oval:org.mitre.oval:def:8439 | ||
Title: | Apache 'mod_isapi' Memory Corruption Vulnerability | ||
Description: | modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0425 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Apache |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-07-09 | Write-to-file Shellcode (Win32) |
2010-03-07 | Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-04 | Name : Apache Multiple Security Vulnerabilities File : nvt/gb_apache_38494.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-067-01 httpd File : nvt/esoft_slk_ssa_2010_067_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62674 | Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apache mod_isapi dangling pointer exploit attempt RuleID : 19124 - Revision : 7 - Type : SERVER-APACHE |
2014-01-10 | Apache mod_isapi dangling pointer code execution attempt RuleID : 19107 - Revision : 10 - Type : SERVER-APACHE |
2014-01-10 | Apache mod_isapi dangling pointer exploit attempt RuleID : 16480 - Revision : 5 - Type : SERVER-APACHE |
2014-01-10 | Apache mod_isapi dangling pointer exploit attempt - public shell code RuleID : 16479 - Revision : 5 - Type : SERVER-APACHE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-10-31 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-2907-1.nasl - Type : ACT_GATHER_INFO |
2013-08-11 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities File : apache_2_2_15.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-067-01.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:42 |
|