Apache – CVE-2010-0434

Description

Kayran has detected that the Version of Apache HTTP Server being used has the Subrequest handling of request headers (mod_headers) vulnerability.
CVE-2010-0434 is categorized as an Information Exposure vulnerability (CWE-200).

It means that the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

The ap_read_request function in server/protocol.c in the version of Apache being used, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body.
That, might allow remote attackers to obtain sensitive information by a crafted request that triggers access to memory locations associated with earlier requests.

It will lead to information being disclosed.

Recommendation

To fix CVE-2010-0434, upgrade the version of Apache HTTP Server being used to either 2.0.64 or 2.2.15.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434

https://cwe.mitre.org/data/definitions/200.html

< Return to all Vulnerabilities

Using VPN

What is a VPN? Why should someone be using VPN? Which Problems does is solve? and what is the advantages and disadvantages of it? Let’s

Read More »