Signature Detail
Short Name |
HTTP:APACHE:MOD-ISAPI-RCE |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution |
Release Date |
2010/10/13 |
Update Number |
1791 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution
This signature detects attempts to exploit a known code execution vulnerability in Apache HTTP server. It is due an error in the mod_isapi when processing maliciously crafted HTTP requests. An attacker can exploit this to cause a memory corruption by sending a crafted HTTP request to a target server. A successful attack can lead to the execution of arbitrary code on the target server. The behavior of the target server depends entirely on the intention of the malicious code. The code executes within the security context of the affected service, which is SYSTEM. In an unsuccessful attack, the target server can terminate abnormally, resulting in a denial-of-service condition.
Extended Description
Apache is prone to a memory-corruption vulnerability. Attackers can leverage this vulnerability to execute arbitrary code with SYSTEM privileges; failed attacks may result in denial-of-service conditions. Apache versions prior to 2.2.15 are affected.
Affected Products
- Apache Software Foundation Apache 2.0.37
- Apache Software Foundation Apache 2.0.38
- Apache Software Foundation Apache 2.0.39
- Apache Software Foundation Apache 2.0.40
- Apache Software Foundation Apache 2.0.41
- Apache Software Foundation Apache 2.0.42
- Apache Software Foundation Apache 2.0.43
- Apache Software Foundation Apache 2.0.44
- Apache Software Foundation Apache 2.0.45
- Apache Software Foundation Apache 2.0.46
- Apache Software Foundation Apache 2.0.47
- Apache Software Foundation Apache 2.0.48
- Apache Software Foundation Apache 2.0.49
- Apache Software Foundation Apache 2.0.50
- Apache Software Foundation Apache 2.0.51
- Apache Software Foundation Apache 2.0.52
- Apache Software Foundation Apache 2.0.53
- Apache Software Foundation Apache 2.0.54
- Apache Software Foundation Apache 2.0.55
- Apache Software Foundation Apache 2.0.56 -Dev
- Apache Software Foundation Apache 2.0.57
- Apache Software Foundation Apache 2.0.58
- Apache Software Foundation Apache 2.0.59
- Apache Software Foundation Apache 2.0.60-Dev
- Apache Software Foundation Apache 2.0.61-Dev
- Apache Software Foundation Apache 2.0.62-Dev
- Apache Software Foundation Apache 2.0.63
- Apache Software Foundation Apache 2.2
- Apache Software Foundation Apache 2.2.0
- Apache Software Foundation Apache 2.2.1
- Apache Software Foundation Apache 2.2.10
- Apache Software Foundation Apache 2.2.11
- Apache Software Foundation Apache 2.2.12
- Apache Software Foundation Apache 2.2.13
- Apache Software Foundation Apache 2.2.14
- Apache Software Foundation Apache 2.2.2
- Apache Software Foundation Apache 2.2.3
- Apache Software Foundation Apache 2.2.4
- Apache Software Foundation Apache 2.2.5
- Apache Software Foundation Apache 2.2.5-Dev
- Apache Software Foundation Apache 2.2.6
- Apache Software Foundation Apache 2.2.6-Dev
- Apache Software Foundation Apache 2.2.7-Dev
- Apache Software Foundation Apache 2.2.8
- Apache Software Foundation Apache 2.2.9
- Avaya Aura Application Enablement Services 4.0
- Avaya Aura Application Enablement Services 4.0.1
- Avaya Aura Application Enablement Services 4.1
- Avaya Aura Application Enablement Services 4.2
- Avaya Aura Application Enablement Services 4.2.1
- Avaya Aura Application Enablement Services 4.2.2
- Avaya Aura Application Enablement Services 5.2
- Avaya Aura Session Manager 1.1
- Avaya Aura Session Manager 5.2
- Avaya Aura SIP Enablement Services 3.1
- Avaya Aura SIP Enablement Services 4.0
- Avaya Aura SIP Enablement Services 5.0
- Avaya Aura SIP Enablement Services 5.1
- Avaya Aura SIP Enablement Services 5.2
- Avaya Communication Manager 4.0
- Avaya Communication Manager 4.0.3 SP1
- Avaya Communication Manager 5.0
- Avaya Communication Manager 5.0 SP3
- Avaya Communication Manager 5.1
- Avaya Communication Manager 5.1.2
- Avaya Communication Manager 5.2
- Avaya Intuity AUDIX LX 2.0
- Avaya Intuity AUDIX LX 2.0 SP1
- Avaya Intuity AUDIX LX 2.0 SP2
- Avaya Meeting Exchange 5.0
- Avaya Meeting Exchange 5.0 SP1
- Avaya Meeting Exchange 5.0 SP2
- Avaya Meeting Exchange 5.1
- Avaya Meeting Exchange 5.1 SP1
- Avaya Meeting Exchange 5.2
- Avaya Meeting Exchange 5.2 SP1
- Avaya Message Networking 3.1
- Avaya Message Networking 5.2
- Avaya Voice Portal 4.0
- Avaya Voice Portal 4.1
- Avaya Voice Portal 4.1 SP1
- Avaya Voice Portal 4.1 SP2
- Avaya Voice Portal 5.0
- Avaya Voice Portal 5.1
- Blue Coat Systems Director 4.2.2.4
- Blue Coat Systems Director 5.2.2.5
- Blue Coat Systems Director 5.4
- Blue Coat Systems Director 5.5
- Blue Coat Systems Director
- Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.0
- Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.0A
- Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1.0
- Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1.0B
- Fujitsu INTERSTAGE Application Server Enterprise Edition 9.2.0
- Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.0
- Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.0A
- Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.0 B
- Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1.0
- Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1.0B
- Fujitsu INTERSTAGE Application Server Standard-J Edition 9.2.0
- Fujitsu INTERSTAGE Studio Enterprise Edition 9.0.0
- Fujitsu INTERSTAGE Studio Enterprise Edition 9.1.0
- Fujitsu INTERSTAGE Studio Enterprise Edition 9.1.0 B
- Fujitsu INTERSTAGE Studio Enterprise Edition 9.2.0
- Fujitsu INTERSTAGE Studio Standard-J Edition 9.0.0
- Fujitsu INTERSTAGE Studio Standard-J Edition 9.1.0
- Fujitsu INTERSTAGE Studio Standard-J Edition 9.1.0 B
- Fujitsu INTERSTAGE Studio Standard-J Edition 9.2.0
- Gentoo Linux
- IBM HTTP Server 2.0.47
- IBM HTTP Server 2.0.47 .1
- IBM HTTP Server 6.1.0
- IBM Websphere Application Server 6.1.0
- IBM Websphere Application Server 6.1.0.1
- IBM Websphere Application Server 6.1.0.10
- IBM Websphere Application Server 6.1.0.11
- IBM Websphere Application Server 6.1.0.12
- IBM Websphere Application Server 6.1.0.13
- IBM Websphere Application Server 6.1.0.14
- IBM Websphere Application Server 6.1.0.15
- IBM Websphere Application Server 6.1.0.17
- IBM Websphere Application Server 6.1.0.18
- IBM Websphere Application Server 6.1.0.19
- IBM Websphere Application Server 6.1.0.2
- IBM Websphere Application Server 6.1.0.20
- IBM Websphere Application Server 6.1.0.21
- IBM Websphere Application Server 6.1.0.22
- IBM Websphere Application Server 6.1.0.23
- IBM Websphere Application Server 6.1.0.25
- IBM Websphere Application Server 6.1.0.27
- IBM Websphere Application Server 6.1.0.29
- IBM Websphere Application Server 6.1.0.3
- IBM Websphere Application Server 6.1.0.4
- IBM Websphere Application Server 6.1.0.5
- IBM Websphere Application Server 6.1.0.6
- IBM Websphere Application Server 6.1.0.7
- IBM Websphere Application Server 6.1.0.8
- IBM Websphere Application Server 6.1.0.9
- IBM Websphere Application Server 7.0
- IBM Websphere Application Server 7.0.0.1
- IBM Websphere Application Server 7.0.0.3
- IBM Websphere Application Server 7.0.0.5
- IBM Websphere Application Server 7.0.0.7
- IBM Websphere Application Server 7.0.0.8
- IBM Websphere Application Server 7.0.0.9
- Kolab Kolab Groupware Server 2.2.0
- Kolab Kolab Groupware Server 2.2.2
- Kolab Kolab Groupware Server 2.2.3
- Kolab Kolab Groupware Server 2.2 Beta1
- Kolab Kolab Groupware Server 2.2 Beta3
- Kolab Kolab Groupware Server 2.2-Rc1
- Kolab Kolab Groupware Server 2.2 -Rc2
- Kolab Kolab Groupware Server 2.2-Rc3
- Red Hat Certificate Server 7.3
- Red Hat Fedora 11
- Red Hat JBoss Enterprise Web Server for RHEL 4 AS 1.0.0
- Red Hat JBoss Enterprise Web Server for RHEL 4 ES 1.0.0
- Red Hat JBoss Enterprise Web Server for RHEL 5 Server 1.0.0
- rPath Appliance Platform Linux Service 1
- rPath rPath Linux 1
- Slackware Linux 12.0
- Slackware Linux 12.1
- Slackware Linux 12.2
- Slackware Linux 13.0
- Slackware Linux 13.0 X86 64
- Slackware Linux -Current
- Slackware Linux X86 64 -Current
- Sun OpenSolaris Build Snv 01
- Sun OpenSolaris Build Snv 02
- Sun OpenSolaris Build Snv 100
- Sun OpenSolaris Build Snv 101
- Sun OpenSolaris Build Snv 101A
- Sun OpenSolaris Build Snv 102
- Sun OpenSolaris Build Snv 103
- Sun OpenSolaris Build Snv 104
- Sun OpenSolaris Build Snv 105
- Sun OpenSolaris Build Snv 106
- Sun OpenSolaris Build Snv 107
- Sun OpenSolaris Build Snv 108
- Sun OpenSolaris Build Snv 109
- Sun OpenSolaris Build Snv 110
- Sun OpenSolaris Build Snv 111
- Sun OpenSolaris Build Snv 111A
- Sun OpenSolaris Build Snv 111B
- Sun OpenSolaris Build Snv 13
- Sun OpenSolaris Build Snv 19
- Sun OpenSolaris Build Snv 22
- Sun OpenSolaris Build Snv 28
- Sun OpenSolaris Build Snv 29
- Sun OpenSolaris Build Snv 35
- Sun OpenSolaris Build Snv 36
- Sun OpenSolaris Build Snv 37
- Sun OpenSolaris Build Snv 38
- Sun OpenSolaris Build Snv 39
- Sun OpenSolaris Build Snv 41
- Sun OpenSolaris Build Snv 45
- Sun OpenSolaris Build Snv 47
- Sun OpenSolaris Build Snv 48
- Sun OpenSolaris Build Snv 49
- Sun OpenSolaris Build Snv 50
- Sun OpenSolaris Build Snv 51
- Sun OpenSolaris Build Snv 54
- Sun OpenSolaris Build Snv 56
- Sun OpenSolaris Build Snv 57
- Sun OpenSolaris Build Snv 58
- Sun OpenSolaris Build Snv 59
- Sun OpenSolaris Build Snv 61
- Sun OpenSolaris Build Snv 64
- Sun OpenSolaris Build Snv 67
- Sun OpenSolaris Build Snv 68
- Sun OpenSolaris Build Snv 71
- Sun OpenSolaris Build Snv 74
- Sun OpenSolaris Build Snv 76
- Sun OpenSolaris Build Snv 77
- Sun OpenSolaris Build Snv 78
- Sun OpenSolaris Build Snv 80
- Sun OpenSolaris Build Snv 81
- Sun OpenSolaris Build Snv 82
- Sun OpenSolaris Build Snv 83
- Sun OpenSolaris Build Snv 84
- Sun OpenSolaris Build Snv 85
- Sun OpenSolaris Build Snv 86
- Sun OpenSolaris Build Snv 87
- Sun OpenSolaris Build Snv 88
- Sun OpenSolaris Build Snv 89
- Sun OpenSolaris Build Snv 90
- Sun OpenSolaris Build Snv 91
- Sun OpenSolaris Build Snv 92
- Sun OpenSolaris Build Snv 93
- Sun OpenSolaris Build Snv 94
- Sun OpenSolaris Build Snv 95
- Sun OpenSolaris Build Snv 96
- Sun OpenSolaris Build Snv 98
- Sun OpenSolaris Build Snv 99
- Sun OpenSolaris
- Sun Solaris 10 Sparc
- Sun Solaris 10 X86
- VMWare ACE Management Server (AMS) for Windows
References
- BugTraq: 38494
- CVE: CVE-2010-0425