JVN/CVE Demo: Cveinfos

CVE

Id: 42992
CVE No.: CVE-2010-0408
Status: Candidate
Description: The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Phase: Assigned (20100127)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
468509	42992	CVE-2010-0408	CONFIRM:http://httpd.apache.org/security/vulnerabilities_22.html	View
468510	42992	CVE-2010-0408	CONFIRM:http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876	View
468511	42992	CVE-2010-0408	CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=917876	View
468512	42992	CVE-2010-0408	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=569905	View
468513	42992	CVE-2010-0408	CONFIRM:http://support.apple.com/kb/HT4435	View
468514	42992	CVE-2010-0408	CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	View
468515	42992	CVE-2010-0408	AIXAPAR:PM12247	View
468516	42992	CVE-2010-0408	URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247	View
468517	42992	CVE-2010-0408	AIXAPAR:PM08939	View
468518	42992	CVE-2010-0408	URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939	View
468519	42992	CVE-2010-0408	AIXAPAR:PM15829	View
468520	42992	CVE-2010-0408	URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829	View
468521	42992	CVE-2010-0408	APPLE:APPLE-SA-2010-11-10-1	View
468522	42992	CVE-2010-0408	URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	View
468523	42992	CVE-2010-0408	DEBIAN:DSA-2035	View
468524	42992	CVE-2010-0408	URL:http://www.debian.org/security/2010/dsa-2035	View
468525	42992	CVE-2010-0408	FEDORA:FEDORA-2010-5942	View
468526	42992	CVE-2010-0408	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html	View
468527	42992	CVE-2010-0408	FEDORA:FEDORA-2010-6131	View
468528	42992	CVE-2010-0408	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html	View
468529	42992	CVE-2010-0408	HP:HPSBUX02531	View
468530	42992	CVE-2010-0408	URL:http://marc.info/?l=bugtraq&m=127557640302499&w=2	View
468531	42992	CVE-2010-0408	HP:SSRT100108	View
468532	42992	CVE-2010-0408	URL:http://marc.info/?l=bugtraq&m=127557640302499&w=2	View
468533	42992	CVE-2010-0408	MANDRIVA:MDVSA-2010:053	View
468534	42992	CVE-2010-0408	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:053	View
468535	42992	CVE-2010-0408	MANDRIVA:MDVSA-2013:150	View
468536	42992	CVE-2010-0408	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	View
468537	42992	CVE-2010-0408	REDHAT:RHSA-2010:0168	View
468538	42992	CVE-2010-0408	URL:http://www.redhat.com/support/errata/RHSA-2010-0168.html	View
468539	42992	CVE-2010-0408	SUSE:SUSE-SR:2010:010	View
468540	42992	CVE-2010-0408	URL:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html	View
468541	42992	CVE-2010-0408	BID:38491	View
468542	42992	CVE-2010-0408	URL:http://www.securityfocus.com/bid/38491	View
468543	42992	CVE-2010-0408	OVAL:oval:org.mitre.oval:def:8619	View
468544	42992	CVE-2010-0408	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8619	View
468545	42992	CVE-2010-0408	OVAL:oval:org.mitre.oval:def:9935	View
468546	42992	CVE-2010-0408	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9935	View
468547	42992	CVE-2010-0408	SECUNIA:39628	View
468548	42992	CVE-2010-0408	URL:http://secunia.com/advisories/39628	View
468549	42992	CVE-2010-0408	SECUNIA:39632	View
468550	42992	CVE-2010-0408	URL:http://secunia.com/advisories/39632	View
468551	42992	CVE-2010-0408	SECUNIA:39656	View
468552	42992	CVE-2010-0408	URL:http://secunia.com/advisories/39656	View
468553	42992	CVE-2010-0408	SECUNIA:39501	View
468554	42992	CVE-2010-0408	URL:http://secunia.com/advisories/39501	View
468555	42992	CVE-2010-0408	SECUNIA:40096	View
468556	42992	CVE-2010-0408	URL:http://secunia.com/advisories/40096	View
468557	42992	CVE-2010-0408	SECUNIA:39100	View
468558	42992	CVE-2010-0408	URL:http://secunia.com/advisories/39100	View
468559	42992	CVE-2010-0408	VUPEN:ADV-2010-0994	View
468560	42992	CVE-2010-0408	URL:http://www.vupen.com/english/advisories/2010/0994	View
468561	42992	CVE-2010-0408	VUPEN:ADV-2010-1001	View
468562	42992	CVE-2010-0408	URL:http://www.vupen.com/english/advisories/2010/1001	View
468563	42992	CVE-2010-0408	VUPEN:ADV-2010-1057	View
468564	42992	CVE-2010-0408	URL:http://www.vupen.com/english/advisories/2010/1057	View
468565	42992	CVE-2010-0408	VUPEN:ADV-2010-0911	View
468566	42992	CVE-2010-0408	URL:http://www.vupen.com/english/advisories/2010/0911	View
468567	42992	CVE-2010-0408	VUPEN:ADV-2010-1411	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
39473	JVNDB-2010-005258	SystemTap の stap-server における脆弱性	SystemTap の stap-server は、-B オプションの値を適切に制限しない、および make プログラム実行に関する処理に不備があるため、不特定の影響を受ける脆弱性が存在します。	CVE-2010-0412	42992	7.5		http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-005258.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.34 MB
View render complete	2.84 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.86
Event: Controller.initialize	0.02
Event: Controller.startup	0.10
Controller action	420.05
Event: Controller.beforeRender	6.74
» Processing toolbar data	6.64
Rendering View	17.58
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	16.54
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.57
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.09
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/42992
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/42992
Remote Port	32459
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.154
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.14.45
Http Via	1.1 squid-proxy-5b5d847c96-mw4wx (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.154
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.154
Unique Id	aJMbOZd9YKn658fuvZAyeQAAAKs
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.154
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.154
Redirect Unique Id	aJMbOZd9YKn658fuvZAyeQAAAKs
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.154
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.154
Redirect Redirect Unique Id	aJMbOZd9YKn658fuvZAyeQAAAKs
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1754471225.6096
Request Time	1754471225

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files