Home > Vulnerability Database > CVE-2010-3872

Mend.io Vulnerability Database

CVE-2010-3872

Date: November 20, 2010

The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."

Severity Score

7.5

Related Resources (23)

Url: http://osvdb.org/69275

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-3872

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html

Url: http://secunia.com/advisories/42815

Url: http://www.securityfocus.com/bid/44900

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/63303

Url: http://www.vupen.com/english/advisories/2010/2998

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2248172

Url: http://www.vupen.com/english/advisories/2010/2997

Url: http://www.gossamer-threads.com/lists/apache/announce/391406

Url: http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html

Url: https://issues.apache.org/bugzilla/show_bug.cgi?id=49406

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html

Url: https://access.redhat.com/security/cve/CVE-2010-3872

Url: https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2

Url: http://www.debian.org/security/2010/dsa-2140

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-3872

Url: http://www.vupen.com/english/advisories/2011/0031

Url: http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html

Url: http://secunia.com/advisories/42288

Url: http://secunia.com/advisories/42302

Url: https://www.mend.io/vulnerability-database/CVE-2010-3872

Severity Score

7.5

Weakness Type (CWE)

Numeric Errors

CWE-189

Stack-based Buffer Overflow

CWE-121

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-3872

Date: November 20, 2010

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?