What is the severity of CVE-2010-0425?

CVE-2010-0425 is classified as a significant vulnerability that can lead to arbitrary code execution on vulnerable systems.

How do I fix CVE-2010-0425?

To fix CVE-2010-0425, upgrade Apache HTTP Server to version 2.3.7 or later.

Which versions of Apache HTTP Server are affected by CVE-2010-0425?

CVE-2010-0425 affects Apache HTTP Server versions 2.0.37 through 2.0.63, and 2.2.0 through 2.2.14.

What type of systems are primarily affected by CVE-2010-0425?

CVE-2010-0425 primarily affects Apache HTTP Server running on Windows systems.

Is CVE-2010-0425 a remote attack vector?

Yes, CVE-2010-0425 allows remote attackers to exploit the vulnerability.

Vulnerability/
CVE-2010-0425

critical

CWE

5/3/2010

11/4/2025

CVE-2010-0425

First published: Fri Mar 05 2010(Updated: )

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache Http Server	=2.3.0
Apache Http Server	=2.3.1
Apache Http Server	=2.3.2
Apache Http Server	=2.3.3
Apache Http Server	=2.3.4
Apache Http Server	=2.3.5
Apache Http Server	=2.3.6
Microsoft Windows Operating System
Apache Http Server	=2.0.9
Apache Http Server	=2.0.28
Apache Http Server	=2.0.28-beta
Apache Http Server	=2.0.32
Apache Http Server	=2.0.32-beta
Apache Http Server	=2.0.34-beta
Apache Http Server	=2.0.35
Apache Http Server	=2.0.36
Apache Http Server	=2.0.37
Apache Http Server	=2.0.38
Apache Http Server	=2.0.39
Apache Http Server	=2.0.40
Apache Http Server	=2.0.41
Apache Http Server	=2.0.42
Apache Http Server	=2.0.43
Apache Http Server	=2.0.44
Apache Http Server	=2.0.45
Apache Http Server	=2.0.46
Apache Http Server	=2.0.47
Apache Http Server	=2.0.48
Apache Http Server	=2.0.49
Apache Http Server	=2.0.50
Apache Http Server	=2.0.51
Apache Http Server	=2.0.52
Apache Http Server	=2.0.53
Apache Http Server	=2.0.54
Apache Http Server	=2.0.55
Apache Http Server	=2.0.56
Apache Http Server	=2.0.57
Apache Http Server	=2.0.58
Apache Http Server	=2.0.59
Apache Http Server	=2.0.60
Apache Http Server	=2.0.61
Apache Http Server	=2.0.63
Apache Http Server
Apache Http Server	=2.2.0
Apache Http Server	=2.2.1
Apache Http Server	=2.2.2
Apache Http Server	=2.2.3
Apache Http Server	=2.2.4
Apache Http Server	=2.2.6
Apache Http Server	=2.2.7
Apache Http Server	=2.2.8
Apache Http Server	=2.2.9
Apache Http Server	=2.2.10
Apache Http Server	=2.2.11
Apache Http Server	=2.2.12
Apache Http Server	=2.2.13
Apache Http Server	=2.2.14
All of
Any of
	=2.3.0
	=2.3.1
	=2.3.2
	=2.3.3
	=2.3.4
	=2.3.5
	=2.3.6

All of
Any of
	=2.0.9
	=2.0.28
	=2.0.28-beta
	=2.0.32
	=2.0.32-beta
	=2.0.34-beta
	=2.0.35
	=2.0.36
	=2.0.37
	=2.0.38
	=2.0.39
	=2.0.40
	=2.0.41
	=2.0.42
	=2.0.43
	=2.0.44
	=2.0.45
	=2.0.46
	=2.0.47
	=2.0.48
	=2.0.49
	=2.0.50
	=2.0.51
	=2.0.52
	=2.0.53
	=2.0.54
	=2.0.55
	=2.0.56
	=2.0.57
	=2.0.58
	=2.0.59
	=2.0.60
	=2.0.61
	=2.0.63

All of
Any of

	=2.2.0
	=2.2.1
	=2.2.2
	=2.2.3
	=2.2.4
	=2.2.6
	=2.2.7
	=2.2.8
	=2.2.9
	=2.2.10
	=2.2.11
	=2.2.12
	=2.2.13
	=2.2.14

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-0425?
CVE-2010-0425 is classified as a significant vulnerability that can lead to arbitrary code execution on vulnerable systems.
How do I fix CVE-2010-0425?
To fix CVE-2010-0425, upgrade Apache HTTP Server to version 2.3.7 or later.
Which versions of Apache HTTP Server are affected by CVE-2010-0425?
CVE-2010-0425 affects Apache HTTP Server versions 2.0.37 through 2.0.63, and 2.2.0 through 2.2.14.
What type of systems are primarily affected by CVE-2010-0425?
CVE-2010-0425 primarily affects Apache HTTP Server running on Windows systems.
Is CVE-2010-0425 a remote attack vector?
Yes, CVE-2010-0425 allows remote attackers to exploit the vulnerability.

collector/nvd-historical
agent/type
agent/references
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/apache
canonical/apache http server
version/apache http server/2.3.0
version/apache http server/2.3.1
version/apache http server/2.3.2
version/apache http server/2.3.3
version/apache http server/2.3.4
version/apache http server/2.3.5
version/apache http server/2.3.6
vendor/microsoft
canonical/microsoft windows operating system
version/apache http server/2.0.9
version/apache http server/2.0.28
version/apache http server/2.0.28-beta
version/apache http server/2.0.32
version/apache http server/2.0.32-beta
version/apache http server/2.0.34-beta
version/apache http server/2.0.35
version/apache http server/2.0.36
version/apache http server/2.0.37
version/apache http server/2.0.38
version/apache http server/2.0.39
version/apache http server/2.0.40
version/apache http server/2.0.41
version/apache http server/2.0.42
version/apache http server/2.0.43
version/apache http server/2.0.44
version/apache http server/2.0.45
version/apache http server/2.0.46
version/apache http server/2.0.47
version/apache http server/2.0.48
version/apache http server/2.0.49
version/apache http server/2.0.50
version/apache http server/2.0.51
version/apache http server/2.0.52
version/apache http server/2.0.53
version/apache http server/2.0.54
version/apache http server/2.0.55
version/apache http server/2.0.56
version/apache http server/2.0.57
version/apache http server/2.0.58
version/apache http server/2.0.59
version/apache http server/2.0.60
version/apache http server/2.0.61
version/apache http server/2.0.63
version/apache http server/2.2.0
version/apache http server/2.2.1
version/apache http server/2.2.2
version/apache http server/2.2.3
version/apache http server/2.2.4
version/apache http server/2.2.6
version/apache http server/2.2.7
version/apache http server/2.2.8
version/apache http server/2.2.9
version/apache http server/2.2.10
version/apache http server/2.2.11
version/apache http server/2.2.12
version/apache http server/2.2.13
version/apache http server/2.2.14