cpe:/a:apache:mod_fcgid:2.3.1 cpe:/a:apache:mod_fcgid:2.3.2 cpe:/a:apache:mod_fcgid:2.3.3 cpe:/a:apache:mod_fcgid:2.3.4 cpe:/a:apache:mod_fcgid:2.3.5 CVE-2010-3872 2010-11-22T07:54:10.300-05:00 2017-08-16T21:33:04.167-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2010-11-22T09:06:00.000-05:00 SECUNIA 42288 SECUNIA 42302 SECUNIA 42815 BID 44900 OSVDB 69275 VUPEN ADV-2010-2997 VUPEN ADV-2010-2998 VUPEN ADV-2011-0031 DEBIAN DSA-2140 FEDORA FEDORA-2010-17434 FEDORA FEDORA-2010-17472 FEDORA FEDORA-2010-17474 SUSE SUSE-SU-2011:0885 MLIST [apache] 20101107 [ANNOUNCE] mod_fcgid 2.3.6 is released XF apache-fcgid-bo(63303) CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=49406 SUSE openSUSE-SU-2011:0884 The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."