CVE-2010-0408Apache Http Server vulnerability

8 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
30.7%
top 3.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedMar 5
Latest updateMay 2

Description

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server12 versions+11

Patches

Patch: httpd.apache.orgPatch: svn.apache.orgPatch: httpd.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-79pg-gq5q-whfr: The ap_proxy_ajp_request function in mod_proxy_ajp2022-05-02
CVEList
CVE-2010-0408: The ap_proxy_ajp_request function in mod_proxy_ajp2010-03-05
OSV
CVE-2010-0408: The ap_proxy_ajp_request function in mod_proxy_ajp2010-03-05

📋Vendor Advisories

3
Ubuntu
Apache vulnerabilities2010-03-10
Red Hat
httpd: mod_proxy_ajp remote temporary DoS2010-03-02
Debian
CVE-2010-0408: apache2 - The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apa...2010

💬Community

1
Bugzilla
CVE-2010-0408 httpd: mod_proxy_ajp remote temporary DoS2010-03-02
CVE-2010-0408 — Apache Http Server vulnerability | cvebase