Apache – CVE-2010-0434

Description

Cytrix has detected that the version of Apache HTTP Server in use is affected by the subrequest handling of request headers (mod_headers) vulnerability.
CVE-2010-0434 is categorized as an Information Exposure vulnerability (CWE-200).

This means that the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

The ap_read_request function in server/protocol.c in the version of Apache in use, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body.
This might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with earlier requests.

This leads to information being disclosed.

Recommendation

To fix CVE-2010-0434, upgrade the version of Apache HTTP Server being used to either 2.0.64 or 2.2.15.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434

https://cwe.mitre.org/data/definitions/200.html
