Apache – CVE-2010-0010

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a certain Numeric Error vulnerability (CWE-189).
An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit based architecture systems. This vulnerability is named as CVE-2010-0010.

Integer overflow is possible in the “ap_proxy_send_fb” function in proxy/proxy_util.c in mod_proxy in the version of the Apache HTTP Server being used.
This allows remote origin servers to cause a Denial of Service (by enacting a “daemon crash”) or possibly execute arbitrary codes via a large chunk size that triggers a heap-based buffer overflow. This will cause a decrease in performance and also for interruptions in the availability of resources.

Also, there’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2010-0010, upgrade the version of Apache HTTP Server being used to 1.3.42.

Some claim that Apache HTTP Server versions 2 and higher are unaffected by it, upgrade according to your personal preference.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010

https://cwe.mitre.org/data/definitions/189.html

< Return to all Vulnerabilities

The Cloud

I’m pretty sure there isn’t a single adult in the world who hasn’t at least heard of The Cloud. Explaining “The Cloud” in 2022 may

Read More »