CVE

CVE-2010-3872
Date: (C)2010-11-22   (M)2023-12-22


A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-42288
SECUNIA-42302
SECUNIA-42815
BID-44900
OSVDB-69275
ADV-2010-2997
ADV-2010-2998
ADV-2011-0031
DSA-2140
FEDORA-2010-17434
FEDORA-2010-17472
FEDORA-2010-17474
SUSE-SU-2011:0885
http://www.gossamer-threads.com/lists/apache/announce/391406
apache-fcgid-bo(63303)
https://access.redhat.com/security/cve/CVE-2010-3872
https://bugzilla.redhat.com/show_bug.cgi?id=2248172
https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2
https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
openSUSE-SU-2011:0884

CWE    1
CWE-189
OVAL    5
oval:org.secpod.oval:def:400328
oval:org.secpod.oval:def:600206
oval:org.secpod.oval:def:100548
oval:org.secpod.oval:def:100693
...

© SecPod Technologies