CVE-2010-0425
Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
El archivo modules/arch/win32/mod_isapi.c en la función mod_isapi en el servidor HTTP de Apache versión 2.0.37 hasta la versión 2.0.63, versión 2.2.0 hasta la versión 2.2.14 y versión 2.3.x en versiones anteriores a la 2.3.7, cuando se ejecuta en Windows, no asegura que el procesamiento de peticiones esté completo antes de llamar a las función isapi_unload para un módulo ISAPI.dll, que permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados relacionados con una petición creada, un paquete de restablecimiento y "orphaned callback pointers".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-01-27 CVE Reserved
- 2010-03-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (42)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/11650 | 2024-08-07 | |
| http://www.securityfocus.com/bid/38494 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/38978 | 2024-02-14 | |
| http://secunia.com/advisories/39628 | 2024-02-14 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447 | 2024-02-14 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 | 2024-02-14 | |
| http://www.vupen.com/english/advisories/2010/0634 | 2024-02-14 | |
| http://www.vupen.com/english/advisories/2010/0994 | 2024-02-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.3.0 Search vendor "Apache" for product "Http Server" and version "2.3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.3.1 Search vendor "Apache" for product "Http Server" and version "2.3.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.3.2 Search vendor "Apache" for product "Http Server" and version "2.3.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.3.3 Search vendor "Apache" for product "Http Server" and version "2.3.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.3.4 Search vendor "Apache" for product "Http Server" and version "2.3.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.3.5 Search vendor "Apache" for product "Http Server" and version "2.3.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.3.6 Search vendor "Apache" for product "Http Server" and version "2.3.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.9 Search vendor "Apache" for product "Http Server" and version "2.0.9" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.28 Search vendor "Apache" for product "Http Server" and version "2.0.28" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.28 Search vendor "Apache" for product "Http Server" and version "2.0.28" | beta |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.32 Search vendor "Apache" for product "Http Server" and version "2.0.32" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.32 Search vendor "Apache" for product "Http Server" and version "2.0.32" | beta |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.34 Search vendor "Apache" for product "Http Server" and version "2.0.34" | beta |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.35 Search vendor "Apache" for product "Http Server" and version "2.0.35" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.36 Search vendor "Apache" for product "Http Server" and version "2.0.36" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.37 Search vendor "Apache" for product "Http Server" and version "2.0.37" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.38 Search vendor "Apache" for product "Http Server" and version "2.0.38" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.39 Search vendor "Apache" for product "Http Server" and version "2.0.39" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.40 Search vendor "Apache" for product "Http Server" and version "2.0.40" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.41 Search vendor "Apache" for product "Http Server" and version "2.0.41" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.42 Search vendor "Apache" for product "Http Server" and version "2.0.42" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.43 Search vendor "Apache" for product "Http Server" and version "2.0.43" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.44 Search vendor "Apache" for product "Http Server" and version "2.0.44" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.45 Search vendor "Apache" for product "Http Server" and version "2.0.45" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.46 Search vendor "Apache" for product "Http Server" and version "2.0.46" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.47 Search vendor "Apache" for product "Http Server" and version "2.0.47" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.48 Search vendor "Apache" for product "Http Server" and version "2.0.48" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.49 Search vendor "Apache" for product "Http Server" and version "2.0.49" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.50 Search vendor "Apache" for product "Http Server" and version "2.0.50" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.51 Search vendor "Apache" for product "Http Server" and version "2.0.51" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.52 Search vendor "Apache" for product "Http Server" and version "2.0.52" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.53 Search vendor "Apache" for product "Http Server" and version "2.0.53" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.54 Search vendor "Apache" for product "Http Server" and version "2.0.54" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.55 Search vendor "Apache" for product "Http Server" and version "2.0.55" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.56 Search vendor "Apache" for product "Http Server" and version "2.0.56" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.57 Search vendor "Apache" for product "Http Server" and version "2.0.57" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.58 Search vendor "Apache" for product "Http Server" and version "2.0.58" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.59 Search vendor "Apache" for product "Http Server" and version "2.0.59" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.60 Search vendor "Apache" for product "Http Server" and version "2.0.60" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.61 Search vendor "Apache" for product "Http Server" and version "2.0.61" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.63 Search vendor "Apache" for product "Http Server" and version "2.0.63" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | - | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.0 Search vendor "Apache" for product "Http Server" and version "2.2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.1 Search vendor "Apache" for product "Http Server" and version "2.2.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.2 Search vendor "Apache" for product "Http Server" and version "2.2.2" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.3 Search vendor "Apache" for product "Http Server" and version "2.2.3" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.4 Search vendor "Apache" for product "Http Server" and version "2.2.4" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.6 Search vendor "Apache" for product "Http Server" and version "2.2.6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.7 Search vendor "Apache" for product "Http Server" and version "2.2.7" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.8 Search vendor "Apache" for product "Http Server" and version "2.2.8" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.9 Search vendor "Apache" for product "Http Server" and version "2.2.9" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.10 Search vendor "Apache" for product "Http Server" and version "2.2.10" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.11 Search vendor "Apache" for product "Http Server" and version "2.2.11" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.12 Search vendor "Apache" for product "Http Server" and version "2.2.12" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.13 Search vendor "Apache" for product "Http Server" and version "2.2.13" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.14 Search vendor "Apache" for product "Http Server" and version "2.2.14" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | * | - |
Safe
|