CVE-2010-0425

Apache HTTP Server <2.3.7 - RCE

Description

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Brett Gervasoni · c · remote · windows
https://www.exploit-db.com/exploits/11650
metasploit WORKING POC
by Brett Gervasoni, jduck · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/apache_mod_isapi.rb

Scores

EPSS 0.8682
EPSS Percentile 99.4%

Details

Status published
Products (39)
apache/http_server 2.0.37 - 2.0.64
broadcom/vmware_ace_management_server < 2.7.2
ibm/http_server 6.0.2
ibm/http_server 6.0.2.1
ibm/http_server 6.0.2.3
ibm/http_server 6.0.2.7
ibm/http_server 6.0.2.9
ibm/http_server 6.0.2.11
ibm/http_server 6.0.2.13
ibm/http_server 6.0.2.15
... and 29 more
Published Mar 05, 2010
Tracked Since Feb 18, 2026