FortiClient Vulnerability

Apache Httpd CVE-2010-0434 Information Disclosure Vulnerability

Description

A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the input headers for a subrequest would poison the parent request in two ways, one by modifying the parent request, which might not be intended, and second by leaving pointers to modified header fields in memory allocated to the subrequest scope, which could be freed before the main request processing was finished, resulting in a segfault or in revealing data from another request on threaded servers, such as the worker or winnt MPMs.

Affected Applications

Apache Httpd

CVE References

CVE-2010-0434

Other References

https://httpd.apache.org/security/

ID	41700
Created	Jan 17, 2020
Description Updated	Dec 14, 2023
Risk
Coverage	FortiClient
OS	Linux
Vendor	Apache
Patch	manual
Application	Apache Httpd

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

FortiClient Vulnerability

Apache Httpd CVE-2010-0434 Information Disclosure Vulnerability

Description

Affected Applications

CVE References

Other References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

FortiClient Vulnerability

Apache Httpd CVE-2010-0434 Information Disclosure Vulnerability

Description

Affected Applications

CVE References

Other References

Threat Intelligence
Center