CVE-2010-0408

Description

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

CVSS 2.0 score: 5.0 (Severity: Medium)
EPSS: 25.07% (Top 5%)
Vendor advisories: mandriva.com, ibm.com, fedoraproject.org, marc.info, redhat.com, apple.com, opensuse.org, debian.org, apache.org
Affected: n/a n/a

References

Link Tags
http://www.vupen.com/english/advisories/2010/1411 vdb entry broken link
http://www.vupen.com/english/advisories/2010/0911 vdb entry broken link
http://secunia.com/advisories/39628 third party advisory url repurposed
http://www.mandriva.com/security/advisories?name=MDVSA-2010:053 vendor advisory broken link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9935 vdb entry signature broken link
http://support.apple.com/kb/HT4435 broken link
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 third party advisory vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html mailing list third party advisory vendor advisory
http://marc.info/?l=bugtraq&m=127557640302499&w=2 mailing list third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829 third party advisory vendor advisory
http://secunia.com/advisories/39656 third party advisory url repurposed
http://www.redhat.com/support/errata/RHSA-2010-0168.html vendor advisory broken link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html mailing list vendor advisory
http://secunia.com/advisories/39100 third party advisory url repurposed
http://secunia.com/advisories/39501 third party advisory url repurposed
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html third party advisory vendor advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html third party advisory
http://httpd.apache.org/security/vulnerabilities_22.html patch vendor advisory
http://secunia.com/advisories/40096 third party advisory url repurposed
http://svn.apache.org/viewvc?view=revision&revision=917876 third party advisory
http://secunia.com/advisories/39632 third party advisory url repurposed
http://www.debian.org/security/2010/dsa-2035 vdb entry third party advisory vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=569905 issue tracking third party advisory
http://www.securityfocus.com/bid/38491 vdb entry broken link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8619 vdb entry signature broken link
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ajp.c?r1=917876&r2=917875&pathrev=917876 third party advisory patch
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 broken link third party advisory vendor advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939 third party advisory vendor advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html mailing list third party advisory vendor advisory
http://www.vupen.com/english/advisories/2010/1001 vdb entry broken link
http://www.vupen.com/english/advisories/2010/0994 vdb entry broken link
http://www.vupen.com/english/advisories/2010/1057 vdb entry broken link
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2010-0408?
CVE-2010-0408 has been scored as a medium severity vulnerability.
How to fix CVE-2010-0408?
To fix CVE-2010-0408, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.
Is CVE-2010-0408 being actively exploited in the wild?
It is possible that CVE-2010-0408 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~25% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.