CVE 2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
Related bugs and status
CVE-2010-1452 (Candidate) is related to these bugs:
Bug #589611: [SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
589611 | [SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23) | apache2 (Ubuntu) | High | Fix Released | ||
589611 | [SRU] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23) | apache2 (Ubuntu Lucid) | High | Fix Released |
Bug #595116: ssl "error reading the headers"
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
595116 | ssl "error reading the headers" | apache2 (Ubuntu) | Medium | Fix Released | ||
595116 | ssl "error reading the headers" | apache2 (Ubuntu Lucid) | Undecided | Fix Released |
Bug #609290: overlapping memcpy in ssl_io_input_read
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
609290 | overlapping memcpy in ssl_io_input_read | apache2 (Ubuntu) | High | Fix Released | ||
609290 | overlapping memcpy in ssl_io_input_read | apache2 (Ubuntu Lucid) | High | Fix Released | ||
609290 | overlapping memcpy in ssl_io_input_read | apache2 (Ubuntu Maverick) | High | Fix Released | ||
609290 | overlapping memcpy in ssl_io_input_read | Apache2 Web Server | Medium | Fix Released |
Bug #827662: PCI Security failure Apache 2.2.14
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
827662 | PCI Security failure Apache 2.2.14 | apache2 (Ubuntu) | Undecided | Invalid |
See the
CVE page on Mitre.org
for more details.