CVE-2010-0010

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

Desbordamiento de enteros en la función ap_proxy_send_fb en proxy/proxy_util.c en mod_proxy en el servidor HTTP Apache anterior a v1.3.42 en plataformas de 64 bits permite a los servidores de origen remoto provocar una denegación de servicio (cuelgue del demonio) o posiblemente ejecutar código arbitrario a través de un fragmento de gran tamaño que provoca un desbordamiento de búfer basado en memoria dinámica.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-12-14 CVE Reserved
2010-02-02 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-10-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors

CAPEC

References (23)

URL	Tag	Source
http://blog.pi3.com.pl/?p=69	X_refsource_misc
http://httpd.apache.org/dev/dist/CHANGES_1.3.42	X_refsource_confirm
http://secunia.com/advisories/39656	Third Party Advisory
http://site.pi3.com.pl/adv/mod_proxy.txt	X_refsource_misc
http://www.securityfocus.com/archive/1/509185/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1023533	Vdb Entry
http://www.vupen.com/english/advisories/2010/1001	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/55941	Vdb Entry
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7923	Signature

URL	Date	SRC
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0589.html	2024-08-07
http://packetstormsecurity.org/1001-exploits/modproxy-overflow.txt	2024-08-07
http://www.securityfocus.com/bid/37966	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html	2023-11-07
http://marc.info/?l=bugtraq&m=130497311408250&w=2	2023-11-07
http://secunia.com/advisories/38319	2023-11-07
http://www.vupen.com/english/advisories/2010/0240	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				<= 1.3.41 Search vendor "Apache" for product "Http Server" and version " <= 1.3.41"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				0.8.11 Search vendor "Apache" for product "Http Server" and version "0.8.11"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				0.8.14 Search vendor "Apache" for product "Http Server" and version "0.8.14"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.0 Search vendor "Apache" for product "Http Server" and version "1.0"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.0.3 Search vendor "Apache" for product "Http Server" and version "1.0.3"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.0.5 Search vendor "Apache" for product "Http Server" and version "1.0.5"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.1 Search vendor "Apache" for product "Http Server" and version "1.1"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.2 Search vendor "Apache" for product "Http Server" and version "1.2"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.2.4 Search vendor "Apache" for product "Http Server" and version "1.2.4"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.2.5 Search vendor "Apache" for product "Http Server" and version "1.2.5"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.2.6 Search vendor "Apache" for product "Http Server" and version "1.2.6"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3 Search vendor "Apache" for product "Http Server" and version "1.3"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.0 Search vendor "Apache" for product "Http Server" and version "1.3.0"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.1 Search vendor "Apache" for product "Http Server" and version "1.3.1"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.2 Search vendor "Apache" for product "Http Server" and version "1.3.2"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.3 Search vendor "Apache" for product "Http Server" and version "1.3.3"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.4 Search vendor "Apache" for product "Http Server" and version "1.3.4"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.10 Search vendor "Apache" for product "Http Server" and version "1.3.10"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.11 Search vendor "Apache" for product "Http Server" and version "1.3.11"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.12 Search vendor "Apache" for product "Http Server" and version "1.3.12"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.13 Search vendor "Apache" for product "Http Server" and version "1.3.13"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.14 Search vendor "Apache" for product "Http Server" and version "1.3.14"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.15 Search vendor "Apache" for product "Http Server" and version "1.3.15"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.17 Search vendor "Apache" for product "Http Server" and version "1.3.17"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.18 Search vendor "Apache" for product "Http Server" and version "1.3.18"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.19 Search vendor "Apache" for product "Http Server" and version "1.3.19"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.20 Search vendor "Apache" for product "Http Server" and version "1.3.20"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.22 Search vendor "Apache" for product "Http Server" and version "1.3.22"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.23 Search vendor "Apache" for product "Http Server" and version "1.3.23"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.24 Search vendor "Apache" for product "Http Server" and version "1.3.24"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.25 Search vendor "Apache" for product "Http Server" and version "1.3.25"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.26 Search vendor "Apache" for product "Http Server" and version "1.3.26"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.27 Search vendor "Apache" for product "Http Server" and version "1.3.27"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.28 Search vendor "Apache" for product "Http Server" and version "1.3.28"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.29 Search vendor "Apache" for product "Http Server" and version "1.3.29"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.30 Search vendor "Apache" for product "Http Server" and version "1.3.30"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.31 Search vendor "Apache" for product "Http Server" and version "1.3.31"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.32 Search vendor "Apache" for product "Http Server" and version "1.3.32"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.33 Search vendor "Apache" for product "Http Server" and version "1.3.33"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.34 Search vendor "Apache" for product "Http Server" and version "1.3.34"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.35 Search vendor "Apache" for product "Http Server" and version "1.3.35"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.36 Search vendor "Apache" for product "Http Server" and version "1.3.36"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.37 Search vendor "Apache" for product "Http Server" and version "1.3.37"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.38 Search vendor "Apache" for product "Http Server" and version "1.3.38"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.39 Search vendor "Apache" for product "Http Server" and version "1.3.39"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				1.3.40 Search vendor "Apache" for product "Http Server" and version "1.3.40"		-		Affected