ID CVE-2010-0010
Summary Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 0.8.11
    cpe:2.3:a:apache:http_server:0.8.11
  • Apache Software Foundation Apache HTTP Server 0.8.14
    cpe:2.3:a:apache:http_server:0.8.14
  • Apache Software Foundation Apache HTTP Server 1.0
    cpe:2.3:a:apache:http_server:1.0
  • Apache Software Foundation Apache HTTP Server 1.0.3
    cpe:2.3:a:apache:http_server:1.0.3
  • Apache Software Foundation Apache HTTP Server 1.0.5
    cpe:2.3:a:apache:http_server:1.0.5
  • Apache Software Foundation Apache HTTP Server 1.1
    cpe:2.3:a:apache:http_server:1.1
  • Apache Software Foundation Apache 1.2
    cpe:2.3:a:apache:http_server:1.2
  • Apache Software Foundation Apache HTTP Server 1.2.4
    cpe:2.3:a:apache:http_server:1.2.4
  • Apache Software Foundation Apache HTTP Server 1.2.5
    cpe:2.3:a:apache:http_server:1.2.5
  • Apache Software Foundation Apache HTTP Server 1.2.6
    cpe:2.3:a:apache:http_server:1.2.6
  • Apache Software Foundation Apache HTTP Server 1.3
    cpe:2.3:a:apache:http_server:1.3
  • Apache Software Foundation Apache HTTP Server 1.3.0
    cpe:2.3:a:apache:http_server:1.3.0
  • Apache Software Foundation Apache HTTP Server 1.3.1
    cpe:2.3:a:apache:http_server:1.3.1
  • Apache Software Foundation Apache HTTP Server 1.3.2
    cpe:2.3:a:apache:http_server:1.3.2
  • Apache Software Foundation Apache HTTP Server 1.3.3
    cpe:2.3:a:apache:http_server:1.3.3
  • Apache Software Foundation Apache HTTP Server 1.3.4
    cpe:2.3:a:apache:http_server:1.3.4
  • Apache Software Foundation Apache 1.3.10
    cpe:2.3:a:apache:http_server:1.3.10
  • Apache Software Foundation Apache HTTP Server 1.3.11
    cpe:2.3:a:apache:http_server:1.3.11
  • Apache Software Foundation Apache HTTP Server 1.3.12
    cpe:2.3:a:apache:http_server:1.3.12
  • Apache Software Foundation Apache 1.3.13
    cpe:2.3:a:apache:http_server:1.3.13
  • Apache Software Foundation Apache HTTP Server 1.3.14
    cpe:2.3:a:apache:http_server:1.3.14
  • Apache Software Foundation Apache 1.3.15
    cpe:2.3:a:apache:http_server:1.3.15
  • Apache Software Foundation Apache HTTP Server 1.3.17
    cpe:2.3:a:apache:http_server:1.3.17
  • Apache Software Foundation Apache HTTP Server 1.3.18
    cpe:2.3:a:apache:http_server:1.3.18
  • Apache Software Foundation Apache HTTP Server 1.3.19
    cpe:2.3:a:apache:http_server:1.3.19
  • Apache Software Foundation Apache HTTP Server 1.3.20
    cpe:2.3:a:apache:http_server:1.3.20
  • Apache Software Foundation Apache HTTP Server 1.3.22
    cpe:2.3:a:apache:http_server:1.3.22
  • Apache Software Foundation Apache HTTP Server 1.3.23
    cpe:2.3:a:apache:http_server:1.3.23
  • Apache Software Foundation Apache HTTP Server 1.3.24
    cpe:2.3:a:apache:http_server:1.3.24
  • Apache Software Foundation Apache HTTP Server 1.3.25
    cpe:2.3:a:apache:http_server:1.3.25
  • Apache Software Foundation Apache HTTP Server 1.3.26
    cpe:2.3:a:apache:http_server:1.3.26
  • Apache Software Foundation Apache HTTP Server 1.3.27
    cpe:2.3:a:apache:http_server:1.3.27
  • Apache Software Foundation Apache HTTP Server 1.3.28
    cpe:2.3:a:apache:http_server:1.3.28
  • Apache Software Foundation Apache HTTP Server 1.3.29
    cpe:2.3:a:apache:http_server:1.3.29
  • Apache Software Foundation Apache HTTP Server 1.3.30
    cpe:2.3:a:apache:http_server:1.3.30
  • Apache Software Foundation Apache HTTP Server 1.3.31
    cpe:2.3:a:apache:http_server:1.3.31
  • Apache Software Foundation Apache HTTP Server 1.3.32
    cpe:2.3:a:apache:http_server:1.3.32
  • Apache Software Foundation Apache HTTP Server 1.3.33
    cpe:2.3:a:apache:http_server:1.3.33
  • Apache Software Foundation Apache HTTP Server 1.3.34
    cpe:2.3:a:apache:http_server:1.3.34
  • Apache Software Foundation Apache HTTP Server 1.3.35
    cpe:2.3:a:apache:http_server:1.3.35
  • Apache Software Foundation Apache HTTP Server 1.3.36
    cpe:2.3:a:apache:http_server:1.3.36
  • Apache Software Foundation Apache HTTP Server 1.3.37
    cpe:2.3:a:apache:http_server:1.3.37
  • Apache Software Foundation Apache HTTP Server 1.3.38
    cpe:2.3:a:apache:http_server:1.3.38
  • Apache Software Foundation Apache HTTP Server 1.3.39
    cpe:2.3:a:apache:http_server:1.3.39
  • cpe:2.3:a:apache:http_server:1.3.40
    cpe:2.3:a:apache:http_server:1.3.40
  • Apache Software Foundation Apache HTTP Server 1.3.41
    cpe:2.3:a:apache:http_server:1.3.41
CVSS
Base: 6.8 (as of 03-02-2010 - 10:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12609.NASL
    description Specially crafted requests could lead to an integer overflow in mod_proxy. Attackers could exploit that to crash Apache or potentially cause execution of arbitrary code. (CVE-2010-0010) The problem only affects 64bit architectures.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58228
    published 2012-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58228
    title SuSE9 Security Update : Apache (YOU Patch Number 12609)
  • NASL family Web Servers
    NASL id APACHE_1_3_42.NASL
    description According to its banner, the version of Apache 1.3.x running on the remote host is prior 1.3.42. It is, therefore, potentially affected by an integer overflow vulnerability in the mod_proxy Apache module. A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code. Note that successful exploitation is possible only on platforms where sizeof(int) < sizeof(long), such as 64-bit architectures. Also note that version 1.3.42 is the final release of Apache 1.3.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 44589
    published 2010-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44589
    title Apache 1.3.x < 1.3.42 mod_proxy Integer Overflow
oval via4
accepted 2013-07-22T04:03:15.186-04:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Matt Hansbury
    organization The MITRE Corporation
  • name Matt Hansbury
    organization The MITRE Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apache HTTP Server 1.3.x is installed on the system
oval oval:org.mitre.oval:def:8565
description Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
family windows
id oval:org.mitre.oval:def:7923
status accepted
submitted 2010-03-04T17:30:00.000-05:00
title Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
version 13
refmap via4
bid 37966
bugtraq 20100127 Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.
confirm http://httpd.apache.org/dev/dist/CHANGES_1.3.42
fulldisc 20100127 Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.
hp
  • HPSBOV02683
  • SSRT090208
misc
sectrack 1023533
secunia
  • 38319
  • 39656
suse SUSE-SR:2010:010
vupen
  • ADV-2010-0240
  • ADV-2010-1001
xf modproxy-approxysendfb-bo(55941)
statements via4
contributor Joshua Bressers
lastmodified 2010-02-03
organization Red Hat
statement This issue does not affect the Apache HTTP Server versions 2 and greater. This flaw does not affect any supported versions of Red Hat Enterprise Linux. This flaw does affect Red Hat Network Proxy and Red Hat Network Satellite. While those products do not use this feature, we are tracking the issue with the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0010
Last major update 06-09-2011 - 23:05
Published 02-02-2010 - 11:30
Last modified 10-10-2018 - 15:49
Back to Top