Apache – CVE-2010-0010

Description

Kayran has detected that the version of Apache HTTP Server in use is affected by a Numeric Error vulnerability (CWE-189).
An incorrect conversion between numeric types was found in the mod_proxy module; it affects some 64-bit architectures. The vulnerability is tracked as CVE-2010-0010.

An integer overflow is possible in the “ap_proxy_send_fb” function in proxy/proxy_util.c in mod_proxy in the version of Apache HTTP Server in use.
It allows remote origin servers to cause a Denial of Service (a daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. The result is degraded performance and interruptions in the availability of resources.

Also, there’s a chance that this vulnerability will allow attackers to modify system files and information.
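
The kind of numeric conversion error described above, as an added C illustration that is not Apache's source and not part of the original advisory: a chunk length held in a long is narrowed to int before the bound check, shown next to a version that checks in the wide type. The function names and the 8192-byte buffer size are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

#define IOBUF_SIZE 8192L /* assumed I/O buffer size for this example */

/* Parse the hex chunk-size line sent by the origin server.
 * Returns 0 on success, -1 on malformed, negative or out-of-range input. */
int parse_chunk_size(const char *line, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(line, &end, 16);
    if (end == line || errno == ERANGE || v < 0)
        return -1;
    *out = v;
    return 0;
}

/* Flawed pattern: narrow to int first, then take the minimum.
 * With a 64-bit long, 0x80000000 narrows to a negative int, which
 * "wins" the minimum and becomes a huge length once used as size_t. */
long read_len_narrowing(long remaining)
{
    int want = (int)remaining; /* lossy when long is wider than int */
    return want < (int)IOBUF_SIZE ? want : (int)IOBUF_SIZE;
}

/* Hardened pattern: compare in the wide type and convert only after
 * the value is known to fit the buffer. */
size_t read_len_checked(long remaining)
{
    if (remaining <= 0)
        return 0;
    return (size_t)(remaining < IOBUF_SIZE ? remaining : IOBUF_SIZE);
}
```

On platforms where long and int have the same width the narrowing is lossless, which is why this class of flaw shows up only on some 64-bit systems.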

Recommendation

To fix CVE-2010-0010, upgrade the version of Apache HTTP Server being used to 1.3.42.

Some claim that Apache HTTP Server versions 2 and higher are unaffected; upgrade according to your personal preference.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010

https://cwe.mitre.org/data/definitions/189.html
