Apache – CVE-2010-0434


Kayran has detected that the version of Apache HTTP Server in use is affected by the subrequest handling of request headers (mod_headers) vulnerability.
CVE-2010-0434 is categorized as an Information Exposure vulnerability (CWE-200).

This means that the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

The ap_read_request function in server/protocol.c in the version of Apache being used, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body.
This might allow remote attackers to obtain sensitive information through a crafted request that triggers access to memory locations associated with earlier requests.

This will lead to information being disclosed.


To fix CVE-2010-0434, upgrade the version of Apache HTTP Server being used to either 2.0.64 or 2.2.15.
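A triage check for the two conditions above (release below the fixed version, and a multithreaded MPM), written as an added example and not Kayran's or Apache's own code. It assumes the text comes from `httpd -V` (or `apachectl -V`); the function names, status strings and both sample outputs are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(2, 0): (2, 0, 64), (2, 2): (2, 2, 15)}

# Constructed samples of `httpd -V` output (not captured from a real host).
SAMPLE_WORKER = """Server version: Apache/2.2.14 (Unix)
Server MPM:     Worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
"""
SAMPLE_PREFORK = """Server version: Apache/2.2.14 (Unix)
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
"""

def parse_httpd_v(text):
    """Return (version tuple or None, threaded True/False/None)."""
    v = re.search(r"Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)", text)
    version = tuple(int(g) for g in v.groups()) if v else None
    t = re.search(r"^\s*threaded:\s*(yes|no)\b", text, re.MULTILINE)
    threaded = None if t is None else t.group(1) == "yes"
    return version, threaded

def triage(text):
    """Classify a host for CVE-2010-0434 from its `httpd -V` output."""
    version, threaded = parse_httpd_v(text)
    if version is None:
        return "unknown"                 # no parsable version line
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "branch-not-listed"       # advisory names only 2.0.x and 2.2.x
    if version >= fixed:
        return "fixed"
    if threaded is False:
        return "below-fix-nonthreaded"   # still upgrade; MPM precondition absent
    return "exposed"                     # threaded, or MPM unknown: assume worst

if __name__ == "__main__":
    for name, sample in (("worker", SAMPLE_WORKER), ("prefork", SAMPLE_PREFORK)):
        print(name, triage(sample))
```

Distribution packages can carry backported fixes under an older upstream version string, so confirm a "below fix" result against the vendor's own advisory before treating the host as unpatched.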



