Apache 1.3.x < 1.3.42 mod_proxy Integer Overflow

Critical Nessus Plugin ID 44589


The remote web server may be affected by an integer overflow vulnerability.


According to its banner, the version of Apache 1.3.x running on the remote host is prior to 1.3.42. It is, therefore, potentially affected by an integer overflow vulnerability in the mod_proxy Apache module.
A remote attacker can exploit this to cause a denial of service condition or to execute arbitrary code.

Note that successful exploitation is possible only on platforms where sizeof(int) < sizeof(long), such as 64-bit architectures.

Also note that version 1.3.42 is the final release of Apache 1.3.


Upgrade to Apache version 1.3.42 or later. Alternatively, disable mod_proxy.

Plugin Details

Severity: Critical

ID: 44589

File Name: apache_1_3_42.nasl

Version: $Revision: 1.14 $

Type: remote

Family: Web Servers

Published: 2010/02/11

Modified: 2018/01/22

Dependencies: 48204, 10195

Risk Information

Risk Factor: Critical


CVSS v2 Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


CVSS v3 Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/01/27

Vulnerability Publication Date: 2010/01/27

Reference Information

CVE: CVE-2010-0010

BID: 37966

OSVDB: 62009

Secunia: 38319

CWE: 189