CVE-2010-0434
Published: Mar 5, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| RHSA-2010:0175 | vendor-advisory, x_refsource_REDHAT |
| 39115 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2010-1411 | vdb-entry, x_refsource_VUPEN |
| http://www.vmware.com/security/advisories/VMSA-2010-0014.html | x_refsource_CONFIRM |
| ADV-2010-0911 | vdb-entry, x_refsource_VUPEN |
| 39628 | third-party-advisory, x_refsource_SECUNIA |
| http://support.apple.com/kb/HT4435 | x_refsource_CONFIRM |
| PM12247 | vendor-advisory, x_refsource_AIXAPAR |
| FEDORA-2010-6131 | vendor-advisory, x_refsource_FEDORA |
| oval:org.mitre.oval:def:10358 | vdb-entry, signature, x_refsource_OVAL |
| oval:org.mitre.oval:def:8695 | vdb-entry, signature, x_refsource_OVAL |
| HPSBUX02531 | vendor-advisory, x_refsource_HP |
| PM15829 | vendor-advisory, x_refsource_AIXAPAR |
| 39656 | third-party-advisory, x_refsource_SECUNIA |
| https://issues.apache.org/bugzilla/show_bug.cgi?id=48359 | x_refsource_CONFIRM |
| 38494 | vdb-entry, x_refsource_BID |
| http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | x_refsource_CONFIRM |
| RHSA-2010:0168 | vendor-advisory, x_refsource_REDHAT |
| apache-http-rh-info-disclosure(56625) | vdb-entry, x_refsource_XF |
| APPLE-SA-2010-11-10-1 | vendor-advisory, x_refsource_APPLE |
| 39100 | third-party-advisory, x_refsource_SECUNIA |
| 39501 | third-party-advisory, x_refsource_SECUNIA |
| SUSE-SR:2010:010 | vendor-advisory, x_refsource_SUSE |
| [security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues | mailing-list, x_refsource_MLIST |
| http://httpd.apache.org/security/vulnerabilities_22.html | x_refsource_CONFIRM |
| http://svn.apache.org/viewvc?view=revision&revision=917867 | x_refsource_CONFIRM |
| 40096 | third-party-advisory, x_refsource_SECUNIA |
| SSRT100108 | vendor-advisory, x_refsource_HP |
| https://bugzilla.redhat.com/show_bug.cgi?id=570171 | x_refsource_CONFIRM |
| 39632 | third-party-advisory, x_refsource_SECUNIA |
| DSA-2035 | vendor-advisory, x_refsource_DEBIAN |
| PM08939 | vendor-advisory, x_refsource_AIXAPAR |
| FEDORA-2010-5942 | vendor-advisory, x_refsource_FEDORA |
| http://svn.apache.org/viewvc?view=revision&revision=918427 | x_refsource_CONFIRM |
| ADV-2010-1001 | vdb-entry, x_refsource_VUPEN |
| ADV-2010-0994 | vdb-entry, x_refsource_VUPEN |
| ADV-2010-1057 | vdb-entry, x_refsource_VUPEN |
| [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | mailing-list, x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1888194 [7/13] - /httpd/site/trunk/content/security/json/ | mailing-list, x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ | mailing-list, x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1073139 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | mailing-list, x_refsource_MLIST |