Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability CVE-2010-0434

Apache httpd: information disclosure via SubRequest

Synthesis of the vulnerability

When Apache httpd uses a SubRequest and a multi-threaded MPM, session data can be returned to another user.
Severity: 2/4.
Creation date: 03/03/2010.

Description of the vulnerability

The MPM (Multi-Processing Module) feature of Apache httpd 2 defines how clients sessions are handled. Several modules are available:
 - prefork: multi-process, but no thread (similar to httpd 1.3)
 - worker: multi-process and multi-thread
 - mpm_winnt : multi-thread optimized for Windows
 - mpmt_os2: multi-process and multi-thread optimized for OS/2
 - etc.
The administrator choses the module during Apache server compilation.

Apache uses "SubRequest" to simulate a new client query. SubRequests are for example used for error management or for url rewriting.

When Apache manages a SubRequest, it copies references to headers, instead of copying headers. If a multi-threaded MPM is used, these reference can then point to data belonging to another session.

When Apache httpd uses a SubRequest and a multi-threaded MPM, session data can therefore be returned to another user.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Apache httpd: information disclosure via SubRequest.
Keywords: Apache MPM Module Multi-Processing SubRequest Windows disclosure httpd information mpm_winnt mpmt_os2 ubRequests.
Identifiers: 48359, BID-38494, BID-38580, c02160663, CVE-2010-0434, DSA-2035-1, FEDORA-2010-6055, FEDORA-2010-6131, HPSBUX02531, MDVSA-2010:057, RHSA-2010:0168-01, RHSA-2010:0175-01, RHSA-2010:0396-01, SSRT100108, SUSE-SR:2010:010, VIGILANCE-VUL-9490.
Pointed by: VIGILANCE-VUL-9552, VIGILANCE-VUL-9625, VIGILANCE-VUL-9654.

Information sources

Publications and announces
Source example: Bug 48359 : Buffer overflow related to setting RequestHeader

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Security vulnerability alerts



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française