CVE-2010-0010

Name: CVE-2010-0010
Description: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

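| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---------|------|---------|---------------|---------|--------|-------------|
| apache | source | (unstable) | (unfixed) | low | | |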

Notes

Exploitability is fairly limited: it can only be exploited by a malicious server,
not by a client. No sane person uses Apache 1.3 as a forward proxy, and in reverse
proxy situations, the backend server is usually trusted anyway.
