Endpoint Vulnerability

Apache Httpd - important:mod_isapi module unload flaw(CVE-2010-0425)


A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.

Affected Products

Apache Httpd