Apache – CVE-2010-0010

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to a certain Numeric Error vulnerability (CWE-189).
An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit based architecture systems. This vulnerability is named as CVE-2010-0010.

Integer overflow is possible in the “ap_proxy_send_fb” function in proxy/proxy_util.c in mod_proxy in the version of the Apache HTTP Server being used.
This allows remote origin servers to cause a Denial of Service (by enacting a “daemon crash”) or possibly execute arbitrary codes via a large chunk size that triggers a heap-based buffer overflow. This will cause a decrease in performance and also for interruptions in the availability of resources.

Also, there’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2010-0010, upgrade the version of Apache HTTP Server being used to 1.3.42.

Some claim that Apache HTTP Server versions 2 and higher are unaffected by it, upgrade according to your personal preference.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010

https://cwe.mitre.org/data/definitions/189.html

< Return to all Vulnerabilities

Exposing the GIT

Let’s start with defining the meaning of GIT. GIT – is an open-source system which we use as a tool to store data and information

Read More »

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »