ID CVE-2010-1452
Summary The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server
    cpe:2.3:a:apache:http_server
  • Apache Software Foundation Apache HTTP Server 2.2
    cpe:2.3:a:apache:http_server:2.2
  • Apache Software Foundation Apache HTTP Server 2.2.0
    cpe:2.3:a:apache:http_server:2.2.0
  • Apache Software Foundation Apache HTTP Server 2.2.1
    cpe:2.3:a:apache:http_server:2.2.1
  • Apache Software Foundation Apache HTTP Server 2.2.2
    cpe:2.3:a:apache:http_server:2.2.2
  • Apache Software Foundation Apache HTTP Server 2.2.3
    cpe:2.3:a:apache:http_server:2.2.3
  • Apache Software Foundation Apache HTTP Server 2.2.4
    cpe:2.3:a:apache:http_server:2.2.4
  • Apache Software Foundation Apache HTTP Server 2.2.6
    cpe:2.3:a:apache:http_server:2.2.6
  • Apache Software Foundation Apache HTTP Server 2.2.7
    cpe:2.3:a:apache:http_server:2.2.7
  • Apache Software Foundation Apache HTTP Server 2.2.8
    cpe:2.3:a:apache:http_server:2.2.8
  • Apache Software Foundation Apache HTTP Server 2.2.9
    cpe:2.3:a:apache:http_server:2.2.9
  • Apache Software Foundation Apache HTTP Server 2.2.10
    cpe:2.3:a:apache:http_server:2.2.10
  • Apache Software Foundation Apache HTTP Server 2.2.11
    cpe:2.3:a:apache:http_server:2.2.11
  • Apache Software Foundation Apache HTTP Server 2.2.12
    cpe:2.3:a:apache:http_server:2.2.12
  • Apache Software Foundation Apache HTTP Server 2.2.13
    cpe:2.3:a:apache:http_server:2.2.13
  • Apache Software Foundation Apache HTTP Server 2.2.14
    cpe:2.3:a:apache:http_server:2.2.14
  • Apache Software Foundation Apache HTTP Server 2.2.15
    cpe:2.3:a:apache:http_server:2.2.15
CVSS
Base: 5.0 (as of 29-07-2010 - 09:02)
Impact:
Exploitability:
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0659.NASL
    description Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. 'Inflate error -5 on flush' errors may have been logged. This update upgrades mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15. (BZ#625435) * the response would be corrupted if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect. (BZ#625451) * the OID() function used in the mod_ssl 'SSLRequire' directive did not correctly evaluate extensions of an unknown type. (BZ#625452) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 48934
    published 2010-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48934
    title RHEL 5 : httpd (RHSA-2010:0659)
  • NASL family Web Servers
    NASL id APACHE_2_2_16.NASL
    description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.16. It is, therefore, potentially affected by multiple vulnerabilities : - A denial of service vulnerability in mod_cache and mod_dav. (CVE-2010-1452) - An information disclosure vulnerability in mod_proxy_ajp, mod_reqtimeout, and mod_proxy_http relating to timeout conditions. Note that this issue only affects Apache on Windows, Netware, and OS/2. (CVE-2010-2068) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 48205
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48205
    title Apache 2.2.x < 2.2.16 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0659.NASL
    description From Red Hat Security Advisory 2010:0659 : Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. 'Inflate error -5 on flush' errors may have been logged. This update upgrades mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15. (BZ#625435) * the response would be corrupted if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect. (BZ#625451) * the OID() function used in the mod_ssl 'SSLRequire' directive did not correctly evaluate extensions of an unknown type. (BZ#625452) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68091
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68091
    title Oracle Linux 5 : httpd (ELSA-2010-0659)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100830_HTTPD_ON_SL5_X.NASL
    description A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : - numerous issues in the INFLATE filter provided by mod_deflate. 'Inflate error -5 on flush' errors may have been logged. This update upgrades mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15. (BZ#625435) - the response would be corrupted if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect. (BZ#625451) - the OID() function used in the mod_ssl 'SSLRequire' directive did not correctly evaluate extensions of an unknown type. (BZ#625452) After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60847
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60847
    title Scientific Linux Security Update : httpd on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-12478.NASL
    description This update contains the latest stable release of the Apache HTTP Server. One security fix is included: CVE-2010-1452: mod_dav, mod_cache: Fix Handling of requests without a path segment. Several bugs are also fixed: http://www.apache.org/dist/httpd/CHANGES_2.2.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 48327
    published 2010-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48327
    title Fedora 13 : httpd-2.2.16-1.fc13 (2010-12478)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_28A7310F985511DF8D36001AA0166822.NASL
    description Apache ChangeLog reports : mod_dav, mod_cache: Fix Handling of requests without a path segment.
    last seen 2018-11-22
    modified 2018-11-21
    plugin id 47818
    published 2010-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47818
    title FreeBSD : apache -- Remote DoS bug in mod_cache and mod_dav (28a7310f-9855-11df-8d36-001aa0166822)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2010-240-02.NASL
    description New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 48920
    published 2010-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48920
    title Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2010-240-02)
  • NASL family Web Servers
    NASL id APACHE_2_0_64.NASL
    description According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452) - Several modules, including 'mod_deflate', are vulnerable to a denial of service attack as the server can be forced to utilize CPU time compressing a large file after client disconnect. (CVE-2009-1891) - An unspecified error exists in 'mod_proxy' related to filtration of authentication credentials. (CVE-2009-3095) - A NULL pointer dereference issue exists in 'mod_proxy_ftp' in some error handling paths. (CVE-2009-3094) - An error exists in 'mod_ssl' making the server vulnerable to the TLS renegotiation prefix injection attack. (CVE-2009-3555) - An error exists in the handling of subrequests such that the parent request headers may be corrupted. (CVE-2010-0434) - An error exists in 'mod_proxy_http' when handling excessive interim responses making it vulnerable to a denial of service attack. (CVE-2008-2364) - An error exists in 'mod_isapi' that allows the module to be unloaded too early, which leaves orphaned callback pointers. (CVE-2010-0425) - An error exists in 'mod_proxy_ftp' when wildcards are in an FTP URL, which allows for cross-site scripting attacks. (CVE-2008-2939) Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
    last seen 2019-01-16
    modified 2018-06-29
    plugin id 50069
    published 2010-10-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50069
    title Apache 2.0.x < 2.0.64 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0659.NASL
    description Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. (CVE-2010-2791) A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) This update also fixes the following bugs : * numerous issues in the INFLATE filter provided by mod_deflate. 'Inflate error -5 on flush' errors may have been logged. This update upgrades mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15. (BZ#625435) * the response would be corrupted if mod_filter applied the DEFLATE filter to a resource requiring a subrequest with an internal redirect. (BZ#625451) * the OID() function used in the mod_ssl 'SSLRequire' directive did not correctly evaluate extensions of an unknown type. (BZ#625452) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 67078
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67078
    title CentOS 5 : httpd (CESA-2010:0659)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-153.NASL
    description Multiple vulnerabilities have been found and corrected in apache : The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions (CVE-2010-2791). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 48347
    published 2010-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48347
    title Mandriva Linux Security Advisory : apache (MDVSA-2010:153)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-152.NASL
    description A vulnerability has been found and corrected in apache : The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 48346
    published 2010-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48346
    title Mandriva Linux Security Advisory : apache (MDVSA-2010:152)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_7.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.7. Mac OS X 10.6.7 contains security fixes for the following products : - AirPort - Apache - AppleScript - ATS - bzip2 - CarbonCore - ClamAV - CoreText - File Quarantine - HFS - ImageIO - Image RAW - Installer - Kerberos - Kernel - Libinfo - libxml - Mailman - PHP - QuickLook - QuickTime - Ruby - Samba - Subversion - Terminal - X11
    last seen 2019-01-16
    modified 2018-08-22
    plugin id 52754
    published 2011-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52754
    title Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id HPSMH_7_0_0_24.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the 'generate-id' function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195) - An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846) - Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors. (CVE-2012-0135, CVE-2012-1993) - The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268) - The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639) - OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207, CVE-2011-3210) - Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 58811
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58811
    title HP System Management Homepage < 7.0 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1021-1.NASL
    description It was discovered that Apache's mod_cache and mod_dav modules incorrectly handled requests that lacked a path. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452) It was discovered that Apache did not properly handle memory when destroying APR buckets. A remote attacker could exploit this with crafted requests and cause a denial of service via memory exhaustion. This issue affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 50823
    published 2010-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50823
    title Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : apache2 vulnerabilities (USN-1021-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-110831.NASL
    description This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges. (CVE-2011-3192) It also fixes an issue in mod_dav, where the (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x allowed remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) Also, the following bugs were fixed : - recommend the default MPM (prefork) via Recommends: in .spec - apache not sending error 304 if mod_deflate is enabled. - take LimitRequestFieldsize config option into account when parsing headers from backend.
    last seen 2019-01-16
    modified 2015-01-13
    plugin id 57088
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57088
    title SuSE 11.1 Security Update : Apache (SAT Patch Number 5090)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2298.NASL
    description Two issues have been found in the Apache HTTPD web server : - CVE-2011-3192 A vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPD server. This vulnerability allows an attacker to cause Apache HTTPD to use an excessive amount of memory, causing a denial of service. - CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 55998
    published 2011-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55998
    title Debian DSA-2298-2 : apache2 - denial of service
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2011-001.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2011-001 applied. This security update contains fixes for the following products : - Apache - bzip2 - ClamAV - ImageIO - Kerberos - Libinfo - libxml - Mailman - PHP - QuickLook - Ruby - X11
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 52753
    published 2011-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52753
    title Mac OS X Multiple Vulnerabilities (Security Update 2011-001)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-25 (Apache HTTP Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways. A local attacker could gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 59678
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59678
    title GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities
oval via4
  • accepted 2014-07-14T04:00:09.941-04:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    comment Apache HTTP Server 2.2.x is installed on the system
    oval oval:org.mitre.oval:def:8550
    description The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
    family windows
    id oval:org.mitre.oval:def:11683
    status accepted
    submitted 2010-07-27T17:30:00.000-05:00
    title Apache 'mod_cache' and 'mod_dav' Request Handling Denial of Service Vulnerability
    version 11
  • accepted 2015-04-20T04:00:22.150-04:00
    class vulnerability
    contributors
    • name K, Balamurugan
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
    family unix
    id oval:org.mitre.oval:def:12341
    status accepted
    submitted 2011-02-01T12:25:57.000-05:00
    title HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
    version 45
redhat via4
advisories
  • rhsa
    id RHSA-2010:0659
  • rhsa
    id RHSA-2011:0896
  • rhsa
    id RHSA-2011:0897
rpms
  • httpd-0:2.2.3-43.el5_5.3
  • httpd-devel-0:2.2.3-43.el5_5.3
  • httpd-manual-0:2.2.3-43.el5_5.3
  • mod_ssl-0:2.2.3-43.el5_5.3
refmap via4
apple APPLE-SA-2011-03-21-1
confirm
hp
  • HPSBMU02753
  • HPSBUX02612
  • SSRT100345
  • SSRT100782
mlist [apache-announce] 20100725 [ANNOUNCEMENT] Apache HTTP Server 2.2.16 Released
secunia 42367
slackware SSA:2010-240-02
suse
  • SUSE-SU-2011:1000
  • SUSE-SU-2011:1216
ubuntu USN-1021-1
vupen
  • ADV-2010-2218
  • ADV-2010-3064
  • ADV-2011-0291
Last major update 22-08-2016 - 22:01
Published 28-07-2010 - 16:00
Last modified 30-10-2018 - 12:25