CVE-2010-0425

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.0.37 through 2.0.63 Apache HTTP Server versions 2.2.0 through 2.2.14 Apache HTTP Server versions 2.3.x before 2.3.7

Description The issue is related to the mod isapi module in the Apache HTTP Server, which does not ensure that request processing is complete before unloading an ISAPI .dll module. This can be exploited by remote attackers via crafted requests, potentially allowing arbitrary code execution. On Windows platforms, this flaw can also result in a denial of service due to the win32 MPM running only one process.

Recommendations For Apache HTTP Server versions 2.0.37 through 2.0.63, update to a version after 2.0.63 or apply a patch to fix the issue. For Apache HTTP Server versions 2.2.0 through 2.2.14, update to a version after 2.2.14 or apply a patch to fix the issue. For Apache HTTP Server versions 2.3.x before 2.3.7, update to version 2.3.7 or later to resolve the issue. As a temporary workaround, consider disabling the mod isapi module until a patch is available.