CVE-2010-0408

Apache HTTP Server < 2.2.15 - Denial of Service via mod_proxy_ajp Request Handling

Title source: llm
STIX 2.1

Description

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

References (44)

Core 44
Core References
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1411
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0911
URL Repurposed third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39628
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:053
Broken Link x_refsource_confirm
http://support.apple.com/kb/HT4435
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127557640302499&w=2
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
URL Repurposed third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39656
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0168.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
URL Repurposed third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39100
URL Repurposed third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39501
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Patch, Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_22.html
URL Repurposed third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40096
Third Party Advisory x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=917876
URL Repurposed third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39632
Third Party Advisory, VDB Entry vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2035
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=569905
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38491
Broken Link, Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1001
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0994
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1057

Scores

EPSS 0.2079
EPSS Percentile 97.3%

Details

Status published
Products (12)
apache/http_server 2.2
apache/http_server 2.2.0
apache/http_server 2.2.2
apache/http_server 2.2.3
apache/http_server 2.2.4
apache/http_server 2.2.6
apache/http_server 2.2.8
apache/http_server 2.2.9
apache/http_server 2.2.11
apache/http_server 2.2.12
... and 2 more
Published Mar 05, 2010
Tracked Since Feb 18, 2026