Vulnerability details: VCID-964c-4tbk-aaan
Vulnerability ID VCID-964c-4tbk-aaan
Aliases CVE-2010-0408
Summary The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0168
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0396
epss 0.10255 https://api.first.org/data/v1/epss?cve=CVE-2010-0408
epss 0.11880 https://api.first.org/data/v1/epss?cve=CVE-2010-0408
epss 0.128 https://api.first.org/data/v1/epss?cve=CVE-2010-0408
epss 0.14585 https://api.first.org/data/v1/epss?cve=CVE-2010-0408
epss 0.25072 https://api.first.org/data/v1/epss?cve=CVE-2010-0408
epss 0.27801 https://api.first.org/data/v1/epss?cve=CVE-2010-0408
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2010-0408.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2010-0408
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
Reference id Reference type URL
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://marc.info/?l=bugtraq&m=127557640302499&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0408.json
https://api.first.org/data/v1/epss?cve=CVE-2010-0408
https://bugzilla.redhat.com/show_bug.cgi?id=569905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408
http://secunia.com/advisories/39100
http://secunia.com/advisories/39501
http://secunia.com/advisories/39628
http://secunia.com/advisories/39632
http://secunia.com/advisories/39656
http://secunia.com/advisories/40096
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8619
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9935
http://support.apple.com/kb/HT4435
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876
http://svn.apache.org/viewvc?view=revision&revision=917876
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
http://www.debian.org/security/2010/dsa-2035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:053
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.redhat.com/support/errata/RHSA-2010-0168.html
http://www.securityfocus.com/bid/38491
http://www.vupen.com/english/advisories/2010/0911
http://www.vupen.com/english/advisories/2010/0994
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1057
http://www.vupen.com/english/advisories/2010/1411
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
CVE-2010-0408 https://httpd.apache.org/security/json/CVE-2010-0408.json
CVE-2010-0408 https://nvd.nist.gov/vuln/detail/CVE-2010-0408
GLSA-201206-25 https://security.gentoo.org/glsa/201206-25
RHSA-2010:0168 https://access.redhat.com/errata/RHSA-2010:0168
RHSA-2010:0396 https://access.redhat.com/errata/RHSA-2010:0396
USN-908-1 https://usn.ubuntu.com/908-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0408
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) none
Availability Impact (A) partial
Exploitability (E) not given in the vector

Exploit Prediction Scoring System (EPSS)
Percentile 0.95132
EPSS Score 0.10255
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.