modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Published 2010-03-05 19:30:01
Updated 2021-06-06 11:15:16
Source Red Hat, Inc.
Vulnerability category: Execute code

Products affected by CVE-2010-0425

Exploit prediction scoring system (EPSS) score for CVE-2010-0425

EPSS score: 97.16% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2010-0425

  • Apache mod_isapi Dangling Pointer
    Disclosure Date: 2010-03-05
    First seen: 2020-04-26
    auxiliary/dos/http/apache_mod_isapi
    This module triggers a use-after-free vulnerability in the Apache Software Foundation mod_isapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making

CVSS scores for CVE-2010-0425

Base Score: 10.0
Base Severity: HIGH
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability Score: 10.0
Impact Score: 10.0
Score Source: NIST

References for CVE-2010-0425
