Vulnerability Description
A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Mod Fcgid | <= 2.3.5 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.h
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html
- http://osvdb.org/69275
- http://secunia.com/advisories/42288Vendor Advisory
- http://secunia.com/advisories/42302Vendor Advisory
- http://secunia.com/advisories/42815
- http://www.debian.org/security/2010/dsa-2140
- http://www.gossamer-threads.com/lists/apache/announce/391406
- http://www.securityfocus.com/bid/44900
- http://www.vupen.com/english/advisories/2010/2997Vendor Advisory
- http://www.vupen.com/english/advisories/2010/2998Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0031
FAQ
What is CVE-2010-3872?
CVE-2010-3872 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() f...
How severe is CVE-2010-3872?
CVE-2010-3872 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3872?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Mod Fcgid.