CVE-2010-0425

Apache HTTP Server mod_isapi (Windows) - Remote Code Execution via Orphaned ISAPI Callback Pointers (also shipped in IBM HTTP Server / WebSphere Application Server)

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-0425. PoCs were published by Brett Gervasoni and jduck, including the Metasploit module auxiliary/dos/http/apache_mod_isapi.

AI-analyzed exploit summary: Both public exploits trigger the same dangling pointer in Apache 2.2.14 mod_isapi by sending crafted HTTP requests to a mapped ISAPI extension and then resetting the connection, so that the module is unloaded while the server still holds callback pointers into it. The exploit-db PoC carries on to code execution, with shellcode that writes a file as proof; the Metasploit module stops at the resulting crash and is classified as a DoS.

Description

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." Only Windows builds that actually load the module (LoadModule isapi_module modules/mod_isapi.so) and map at least one ISAPI extension are exposed; a stock Unix httpd does not build mod_isapi at all. The fix, released in 2.2.15, 2.0.64 and 2.3.7, keeps the .dll loaded until request processing has finished instead of unloading it as soon as the client resets the connection.
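The sequence the description refers to, as an added stand-alone C model (this is not Apache's code and not taken from either exploit): a server loads an ISAPI-style extension, hands an in-flight request the extension's completion callback, and unloads the extension when the client resets the connection. The vulnerable path unloads unconditionally and then fires the callback through the orphaned pointer; the hardened path refuses to unload while a request still references the module and performs the unload when the last request ends. All names here (isapi_image, ecb_t, isapi_unload_vuln, isapi_unload_safe, the IMAGE_* magic values) are invented for the model, and the in-flight counter is one way to express the fix's invariant, not a copy of the upstream patch. The "DLL image" is a heap block whose magic is poisoned on unload so a call into an unloaded module is observable instead of being undefined behaviour.

```c
/* Added model of the mod_isapi lifecycle bug behind CVE-2010-0425.
 * Not Apache code: a stand-alone simulation of load -> request -> reset ->
 * unload -> orphaned callback.  The DLL image is a heap block whose magic
 * is poisoned on unload so a stale call is visible rather than undefined. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IMAGE_LIVE  0x49534150u   /* module image is mapped            */
#define IMAGE_FREED 0xDEADBEEFu   /* image unmapped (FreeLibrary done) */

typedef struct ecb ecb_t;
/* Completion callback the extension registers with the server
 * (stand-in for an ISAPI HSE_PFN_IO_COMPLETION routine). */
typedef int (*io_completion_fn)(ecb_t *ecb, const char *status);

typedef struct {
    unsigned         magic;
    io_completion_fn io_completion;   /* code that lives inside the DLL   */
    int              in_flight;       /* hardened path: requests using us */
    int              unload_pending;  /* hardened path: deferred unload   */
} isapi_image;

/* Per-request control block (EXTENSION_CONTROL_BLOCK stand-in). */
struct ecb {
    isapi_image *image;
    char         last_status[32];
};

/* The extension's callback.  -1 models "the server jumped into memory that
 * is no longer the module": a crash, or attacker-controlled code if the
 * pages have been re-used (hence the DEP prerequisite on the RCE PoC). */
static int ext_io_completion(ecb_t *ecb, const char *status)
{
    if (ecb->image->magic != IMAGE_LIVE)
        return -1;
    strncpy(ecb->last_status, status, sizeof ecb->last_status - 1);
    return 0;
}

static isapi_image *isapi_load(void)
{
    isapi_image *img = calloc(1, sizeof *img);
    img->magic = IMAGE_LIVE;
    img->io_completion = ext_io_completion;
    return img;
}

/* Vulnerable: unload immediately, whatever is still in flight. */
static int isapi_unload_vuln(isapi_image *img)
{
    img->magic = IMAGE_FREED;
    return 1;
}

/* Hardened: refuse to unload while a request still holds the callbacks;
 * the last request to finish performs the deferred unload instead. */
static int isapi_unload_safe(isapi_image *img)
{
    if (img->in_flight > 0) {
        img->unload_pending = 1;
        return 0;                     /* deferred */
    }
    img->magic = IMAGE_FREED;
    return 1;
}

static void request_end(isapi_image *img)
{
    if (img->in_flight > 0 && --img->in_flight == 0 && img->unload_pending)
        isapi_unload_safe(img);
}

/* Vulnerable server: client resets mid-request, server unloads the module,
 * pending completion callback fires through the orphaned pointer.
 * Returns the callback's result: -1 means it ran against a freed image. */
int vuln_request(void)
{
    isapi_image *img = isapi_load();
    ecb_t ecb = { .image = img };
    io_completion_fn cb = ecb.image->io_completion;  /* server caches pointer */
    isapi_unload_vuln(img);                          /* RST -> unload now     */
    int rc = cb(&ecb, "200 OK");                     /* orphaned callback     */
    free(img);
    return rc;
}

/* Hardened server, same sequence.  Returns 0 when the unload was deferred,
 * the callback ran against a live image, and the module was unloaded once
 * the request finished; -1 otherwise. */
int safe_request(void)
{
    isapi_image *img = isapi_load();
    ecb_t ecb = { .image = img };
    io_completion_fn cb = ecb.image->io_completion;
    img->in_flight++;                                /* request holds a ref   */
    int unloaded_now = isapi_unload_safe(img);       /* RST arrives: deferred */
    int rc = cb(&ecb, "200 OK");                     /* image still mapped    */
    request_end(img);                                /* deferred unload runs  */
    int ok = (unloaded_now == 0 && rc == 0 && img->magic == IMAGE_FREED) ? 0 : -1;
    free(img);
    return ok;
}

int main(void)
{
    printf("vulnerable server: callback rc=%d\n", vuln_request());
    printf("hardened server:   rc=%d\n", safe_request());
    return 0;
}
```

The point of the counter is the invariant the upstream fix restores: a module's code may only be unmapped when nothing the server still holds (cached entry points, registered completion callbacks) can reach it. Any design that ties unload to the connection state rather than to outstanding references reintroduces the race, which is why the exploit-db PoC is classified as racy.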

Exploits (2)

exploitdb · Working PoC · Verified
by Brett Gervasoni · C · remote · windows
https://www.exploit-db.com/exploits/11650

This exploit targets the dangling pointer in Apache 2.2.14 mod_isapi (CVE-2010-0425) for remote code execution. It sends crafted HTTP requests to a mapped ISAPI extension and resets the connection so the module is unloaded while its callback pointers are still referenced, then has the server call through those pointers into attacker-supplied shellcode that writes a file as proof of exploitation.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Complex
Reliability: Racy (the unload must land before the orphaned callback fires)
Target: Apache 2.2.14 mod_isapi
Authentication: none needed
Prerequisites: Network access to the target Apache server · Apache 2.2.14 with mod_isapi enabled and an ISAPI extension mapped · DEP not enabled for the Apache process
devstral-2 · analyzed Feb 16, 2026
metasploit · Working PoC
by Brett Gervasoni, jduck · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/apache_mod_isapi.rb

This Metasploit module triggers the use-after-free in Apache mod_isapi (CVE-2010-0425) by sending malformed HTTP requests that cause the server to unload the ISAPI module and then reuse the stale callback pointers. It is an auxiliary DoS module: it crashes the worker and does not attempt code execution, although the same bug is driven to RCE by the exploit-db PoC above.

Classification: Working PoC (95%)
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Apache HTTP Server mod_isapi on Windows (2.0.37 through 2.0.63, 2.2.0 through 2.2.14, 2.3.x before 2.3.7)
Authentication: none needed
Prerequisites: Target server must have an ISAPI module installed and configured
devstral-2 · analyzed Feb 16, 2026

References (42)

Core References (16 shown)
Third Party Advisory (misc): https://www.exploit-db.com/exploits/11650
Vendor Advisory (confirm): http://httpd.apache.org/security/vulnerabilities_22.html
Third Party Advisory (confirm): http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Third Party Advisory, broken link (secunia): http://secunia.com/advisories/39628
Vendor Advisory, VDB entry, broken link (vupen): http://www.vupen.com/english/advisories/2010/0634
Third Party Advisory, vendor advisory (aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
VDB entry, broken link (sectrack): http://www.securitytracker.com/id?1023701
VDB entry, Exploit, broken link (bid): http://www.securityfocus.com/bid/38494
Third Party Advisory, vendor advisory (aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447
Vendor Advisory (confirm): http://httpd.apache.org/security/vulnerabilities_20.html
Third Party Advisory, US Government Resource (cert-vn): http://www.kb.cert.org/vuls/id/280613
Third Party Advisory, broken link (secunia): http://secunia.com/advisories/38978
Permissions required (confirm): http://svn.apache.org/viewvc?view=revision&revision=917870
Third Party Advisory, URL repurposed (misc): http://www.senseofsecurity.com.au/advisories/SOS-10-002
Third Party Advisory, VDB entry (xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/56624
Vendor Advisory, Issue Tracking, Mailing List, VDB entry, broken link (vupen): http://www.vupen.com/english/advisories/2010/0994

Scores

EPSS: 0.8682 (99.5th percentile)

Details

Status: published
Products (39)
apache/http_server 2.0.37 - 2.0.64
broadcom/vmware_ace_management_server < 2.7.2
ibm/http_server 6.0.2
ibm/http_server 6.0.2.1
ibm/http_server 6.0.2.3
ibm/http_server 6.0.2.7
ibm/http_server 6.0.2.9
ibm/http_server 6.0.2.11
ibm/http_server 6.0.2.13
ibm/http_server 6.0.2.15
... and 29 more
Published: Mar 05, 2010
Tracked Since: Feb 18, 2026