CVE-2010-1452 — MEDIUM (5.0)

Q: What is CVE-2010-1452?

CVE-2010-1452 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

Q: How severe is CVE-2010-1452?

CVE-2010-1452 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-1452?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.

Vulnerability Description

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.0.35, < 2.0.64

References

http://blogs.sun.com/security/entry/cve_2010_1452_mod_davBroken LinkThird Party Advisory
http://httpd.apache.org/security/vulnerabilities_22.htmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.htmlThird Party Advisory
http://marc.info/?l=apache-announce&m=128009718610929&w=2PatchVendor Advisory
http://marc.info/?l=bugtraq&m=129190899612998&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=133355494609819&w=2Mailing ListThird Party Advisory
http://secunia.com/advisories/42367Broken LinkThird Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackwareMailing ListThird Party Advisory
http://support.apple.com/kb/HT4581Third Party AdvisoryVDB Entry
http://ubuntu.com/usn/usn-1021-1Third Party AdvisoryVDB Entry
http://www.redhat.com/support/errata/RHSA-2010-0659.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2011-0896.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2011-0897.htmlBroken Link

FAQ

What is CVE-2010-1452?

CVE-2010-1452 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

How severe is CVE-2010-1452?

CVE-2010-1452 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-1452?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.