Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache 2.2.14 mod_isapi Dangling Pointer

Description

This alert was generated using only banner information. It may be a false positive.

By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability.

Affected Apache versions (up to 2.2.14 on Windows platform).

Remediation

Upgrade Apache to the latest version.

References

Apache 2.2.14 mod_isapi Dangling Pointer

Apache homepage

Related Vulnerabilities

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16633)

Caddy Web Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)

WordPress Plugin Testimonial Slider Cross-Site Scripting (1.2.1)

WordPress Plugin Brandfolder-Digital Asset Management Simplified Local/Remote File Inclusion (3.0)

WordPress Plugin Doctor Appointment Booking Multiple Vulnerabilities (1.0.0)

Severity

High

Classification

CVE-2010-0425 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Code Execution Missing Update