CVE Reference: CVE-2010-0425

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-0425

Description:
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/56624

ST
  1023701

SAID
  Secunia Advisory: SA38978
  Secunia Advisory: SA39628

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8439

MLIST
  http://lists.vmware.com/pipermail/security-announce/2010/000105.html

MISC
  http://www.senseofsecurity.com.au/advisories/SOS-10-002

CONFIRM
  http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
  http://www.vmware.com/security/advisories/VMSA-2010-0014.html
  http://httpd.apache.org/security/vulnerabilities_22.html
  http://httpd.apache.org/security/vulnerabilities_20.html
  http://svn.apache.org/viewvc?view=revision&revision=917870
  http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870
  http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870

CERT-VN
  280613

BID
  38494

AIXAPAR
  http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
  http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447


Return to the previous page.