Apache – CVE-2010-0434

Description

Kayran has detected that the version of Apache HTTP Server in use is affected by the subrequest request-header handling vulnerability (mod_headers).
CVE-2010-0434 is categorized as an Information Exposure vulnerability (CWE-200).

This means the product exposes sensitive information to an actor that is not explicitly authorized to access it.

When a multithreaded MPM is used, the ap_read_request function in server/protocol.c in the affected version of Apache does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body.
This might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with earlier requests.

The result is information disclosure.

Recommendation

To fix CVE-2010-0434, upgrade the version of Apache HTTP Server being used to either 2.0.64 or 2.2.15.
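
One way to triage hosts against this recommendation, as an added example that is not Kayran's or the Apache project's code: it parses `httpd -V` output, compares the version with the fixed releases named above, and checks the multithreaded-MPM precondition from the description. The status strings and sample outputs are constructed for illustration.

```python
import re

# Fixed releases named in the recommendation, keyed by release branch.
FIXED = {(2, 0): (2, 0, 64), (2, 2): (2, 2, 15)}
VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")
THREADED_RE = re.compile(r"^\s*threaded:\s*(yes|no)", re.M | re.I)

def parse_version(text):
    """Return (major, minor, patch) from `httpd -V` output or a banner, else None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def is_threaded(text):
    """Return True/False from the 'threaded:' line of `httpd -V`, None if absent."""
    m = THREADED_RE.search(text)
    return None if m is None else m.group(1).lower() == "yes"

def assess(text):
    """Classify one host from its `httpd -V` output."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "branch-not-covered"  # advisory names fixes for 2.0.x and 2.2.x only
    if version >= fixed:
        return "fixed"
    threaded = is_threaded(text)
    if threaded is None:
        return "old-version-mpm-unknown"
    # The flaw needs a multithreaded MPM; prefork hosts should still be upgraded.
    return "affected" if threaded else "old-version-non-threaded-mpm"

# Constructed sample outputs (not captured from a real host).
SAMPLE_WORKER = """Server version: Apache/2.2.14 (Unix)
Server MPM:     Worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
"""
SAMPLE_PREFORK = """Server version: Apache/2.0.63
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
"""
SAMPLE_FIXED = SAMPLE_WORKER.replace("2.2.14", "2.2.15")

if __name__ == "__main__":
    for name in ("SAMPLE_WORKER", "SAMPLE_PREFORK", "SAMPLE_FIXED"):
        print(name, "->", assess(globals()[name]))
```

Distribution packages that backport fixes keep the older upstream version string, so a result of "affected" should be confirmed against the vendor's package advisory.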

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434

https://cwe.mitre.org/data/definitions/200.html
