CVE-2010-0010

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 1.3.42

Description The issue is related to an integer overflow in the ap proxy send fb function in mod proxy, which can cause a denial of service or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. This is due to an incorrect conversion between numeric types, affecting some 64-bit architecture systems. A malicious HTTP server could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response.

Recommendations For Apache HTTP Server versions prior to 1.3.42, update to version 1.3.42 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod proxy module to minimize the risk of exploitation.