Apache » Http Server » 2.2.4 : Security Vulnerabilities, CVEs, (Code Execution)
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Max CVSS
6.8
EPSS Score
95.63%
Published
2014-07-20
Updated
2022-09-14
CVE-2010-0425
Public exploit
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Max CVSS
10.0
EPSS Score
97.27%
Published
2010-03-05
Updated
2021-06-06
2 vulnerabilities found