CVE-2010-0434

Impact: Low
Public Date: 2009-12-09
Bugzilla: 570171: CVE-2010-0434 httpd: request header information leak

The MITRE CVE dictionary describes this issue as:

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.

Find out more about CVE-2010-0434 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0434

This issue was fixed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0168.html

This issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2010-0175.html

The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw on Red Hat Enterprise Linux 3. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

CVSS v2 metrics

Base Score: 2.6
Base Metrics: AV:N/AC:H/Au:N/C:P/I:N/A:N
Access Vector: Network
Access Complexity: High
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server | RHSA-2010:0396 | 2010-05-05 |
| Red Hat Enterprise Linux 4 (httpd) | RHSA-2010:0175 | 2010-03-25 |
| Red Hat JBoss Web Server 1.0 for RHEL 4 AS (httpd22) | RHSA-2010:0396 | 2010-05-05 |
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Enterprise Linux 5 (httpd) | RHSA-2010:0168 | 2010-03-25 |

CVE description copyright © 2017, The MITRE Corporation