mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-16 20:27:21 +00:00
1.7 KiB
1.7 KiB
CVE-2010-0434
Description
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
POC
Reference
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/DButter/whitehat_public
- https://github.com/Dokukin1/Metasploitable
- https://github.com/GiJ03/ReconScan
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/Live-Hack-CVE/CVE-2010-0434
- https://github.com/MrFrozenPepe/Pentest-Cheetsheet
- https://github.com/NikulinMS/13-01-hw
- https://github.com/RoliSoft/ReconScan
- https://github.com/SecureAxom/strike
- https://github.com/Zhivarev/13-01-hw
- https://github.com/issdp/test
- https://github.com/kasem545/vulnsearch
- https://github.com/matoweb/Enumeration-Script
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/xxehacker/strike
- https://github.com/zzzWTF/db-13-01