← back
CVE-2010-0425

CVE-2010-0425

EPSS 94.2%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 94.2%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
05 Mar 2010Metasploit module available
05 Mar 2010Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.