CVE-2010-0010

 

Severity Score: 6.8 (CVSS v2)
Public Exploits: 3 (Multiple Sources)
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2009-12-14 CVE Reserved
  • 2010-02-02 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-10-23 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
References (23)
URL Tag Source
http://blog.pi3.com.pl/?p=69 X_refsource_misc
http://httpd.apache.org/dev/dist/CHANGES_1.3.42 X_refsource_confirm
http://secunia.com/advisories/39656 Third Party Advisory
http://site.pi3.com.pl/adv/mod_proxy.txt X_refsource_misc
http://www.securityfocus.com/archive/1/509185/100/0/threaded Mailing List
http://www.securitytracker.com/id?1023533 Vdb Entry
http://www.vupen.com/english/advisories/2010/1001 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/55941 Vdb Entry
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7923 Signature
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Apache | Http Server | <= 1.3.41 | - | Affected
Apache | Http Server | 0.8.11 | - | Affected
Apache | Http Server | 0.8.14 | - | Affected
Apache | Http Server | 1.0 | - | Affected
Apache | Http Server | 1.0.3 | - | Affected
Apache | Http Server | 1.0.5 | - | Affected
Apache | Http Server | 1.1 | - | Affected
Apache | Http Server | 1.2 | - | Affected
Apache | Http Server | 1.2.4 | - | Affected
Apache | Http Server | 1.2.5 | - | Affected
Apache | Http Server | 1.2.6 | - | Affected
Apache | Http Server | 1.3 | - | Affected
Apache | Http Server | 1.3.0 | - | Affected
Apache | Http Server | 1.3.1 | - | Affected
Apache | Http Server | 1.3.2 | - | Affected
Apache | Http Server | 1.3.3 | - | Affected
Apache | Http Server | 1.3.4 | - | Affected
Apache | Http Server | 1.3.10 | - | Affected
Apache | Http Server | 1.3.11 | - | Affected
Apache | Http Server | 1.3.12 | - | Affected
Apache | Http Server | 1.3.13 | - | Affected
Apache | Http Server | 1.3.14 | - | Affected
Apache | Http Server | 1.3.15 | - | Affected
Apache | Http Server | 1.3.17 | - | Affected
Apache | Http Server | 1.3.18 | - | Affected
Apache | Http Server | 1.3.19 | - | Affected
Apache | Http Server | 1.3.20 | - | Affected
Apache | Http Server | 1.3.22 | - | Affected
Apache | Http Server | 1.3.23 | - | Affected
Apache | Http Server | 1.3.24 | - | Affected
Apache | Http Server | 1.3.25 | - | Affected
Apache | Http Server | 1.3.26 | - | Affected
Apache | Http Server | 1.3.27 | - | Affected
Apache | Http Server | 1.3.28 | - | Affected
Apache | Http Server | 1.3.29 | - | Affected
Apache | Http Server | 1.3.30 | - | Affected
Apache | Http Server | 1.3.31 | - | Affected
Apache | Http Server | 1.3.32 | - | Affected
Apache | Http Server | 1.3.33 | - | Affected
Apache | Http Server | 1.3.34 | - | Affected
Apache | Http Server | 1.3.35 | - | Affected
Apache | Http Server | 1.3.36 | - | Affected
Apache | Http Server | 1.3.37 | - | Affected
Apache | Http Server | 1.3.38 | - | Affected
Apache | Http Server | 1.3.39 | - | Affected
Apache | Http Server | 1.3.40 | - | Affected