accept no compromises
Showing 1 - 6 of 6 RSS Feed

CVE-2010-0434

Status Candidate

Overview

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

Related Files

Gentoo Linux Security Advisory 201206-25
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-25 - Multiple vulnerabilities were found in Apache HTTP Server. Versions less than 2.2.22-r1 are affected.

tags | advisory, web, vulnerability
systems | linux, gentoo
advisories | CVE-2010-0408, CVE-2010-0434, CVE-2010-1452, CVE-2010-2791, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-0883
MD5 | 53c4b0ae9ad177ed4c64c32f4a9a2a33
VMware Security Advisory 2010-0014
Posted Sep 25, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.

tags | advisory
systems | windows
advisories | CVE-2010-3277, CVE-2010-1205, CVE-2010-0205, CVE-2010-2249, CVE-2010-0434, CVE-2010-0425
MD5 | c375431ad0ab0fe8c760aeae7c2e7422
HP Security Bulletin HPSBUX02531 SSRT100108
Posted Jun 4, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434
MD5 | 02bccf929a86d4929427f8186d511b97
Debian Linux Security Advisory 2035-1
Posted Apr 19, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2035-1 - Two issues have been found in the Apache HTTPD web server. mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. A flaw in the core subrequest process code was found, which could lead to a daemon crash (segfault) or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers.

tags | advisory, remote, web, denial of service
systems | linux, debian
advisories | CVE-2010-0408, CVE-2010-0434
MD5 | 0315d6fd7688c9c4f2d4cf893b9c2150
Ubuntu Security Notice 908-1
Posted Mar 11, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-0408, CVE-2010-0434
MD5 | c325fa7847fc469032e3592c119cde4f
Mandriva Linux Security Advisory 2010-057
Posted Mar 8, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-057 - The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, protocol
systems | linux, mandriva
advisories | CVE-2010-0434
MD5 | c235dd13d9ace6a2ca8327b6437ee2a6
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close