CVE-2010-0408

Publication date 5 March 2010

Last updated 24 July 2024


Ubuntu priority

The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.


Status

Package   Ubuntu Release    Status
apache2   9.10 karmic       Fixed 2.2.12-1ubuntu2.2
apache2   9.04 jaunty       Fixed 2.2.11-2ubuntu2.6
apache2   8.10 intrepid     Fixed 2.2.9-7ubuntu3.6
apache2   8.04 LTS hardy    Fixed 2.2.8-1ubuntu0.15
apache2   6.06 LTS dapper   Not affected

Notes


mdeslaur

Apache 2.0 doesn't have mod_proxy_ajp

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
apache2

References

Related Ubuntu Security Notices (USN)

    • USN-908-1: Apache vulnerabilities (10 March 2010)

Other references