CVE-2010-0425

Exp

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."

Published: 2010-03-05 Last update: 2025-07-24 Assigner: [email protected] Source: [email protected]
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-0425 is rated High Exploit Risk (90.8/100): CVSS Critical severity, with high exploitation likelihood (EPSS 86.82%, 99th percentile). 2 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.05% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2010-0425

EDB-ID Source Kind Published Link
11650 exploit_db edb 2010-03-07 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2010-0425

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-03-04 85.77% 86.82% +1.05%
2 2026-03-01 86.82% 85.77% -1.05%
3 2026-02-04 86.82%

Full EPSS history (42 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-0425

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2010-0425

OS Trackers for CVE-2010-0425

vendor priority summary link
debian unimportant CVE-2010-0425 unimportant priority: Debian including 1 source packages (apache2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2010-0425
suse critical CVE-2010-0425 severity critical: SUSE including 81 source package names (apache2-2.2.34-70.12.1, apache2-2.4.10-6.1, …), 139 product×package rows across 28 product lines (SUSE Linux Enterprise High Performance Computing 12 SP5, SUSE Linux Enterprise Module for Server Applications 15, … (28 product lines)): Fixed 139. https://www.suse.com/security/cve/CVE-2010-0425/
ubuntu low CVE-2010-0425 low priority: Ubuntu including 1 source packages (apache2), 6 status rows across 6 suites (dapper, hardy, intrepid, jaunty, karmic, upstream): not-affected 5, released 1. https://ubuntu.com/security/CVE-2010-0425

Affected software / configurations for CVE-2010-0425

Vendor Product Version Raw CPE
ibm websphere_application_server >= 6.1, < 6.1.0.31 cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:z\/os:*:*
apache http_server >= 2.0.37, < 2.0.64 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
apache http_server >= 2.2.0, < 2.2.15 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
apache http_server >= 2.3.0, < 2.3.7 cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
ibm http_server 6.0.2 cpe:2.3:a:ibm:http_server:6.0.2:*:*:*:*:*:*:*
ibm http_server 6.0.2.1 cpe:2.3:a:ibm:http_server:6.0.2.1:*:*:*:*:*:*:*
ibm http_server 6.0.2.3 cpe:2.3:a:ibm:http_server:6.0.2.3:*:*:*:*:*:*:*
ibm http_server 6.0.2.7 cpe:2.3:a:ibm:http_server:6.0.2.7:*:*:*:*:*:*:*
ibm http_server 6.0.2.9 cpe:2.3:a:ibm:http_server:6.0.2.9:*:*:*:*:*:*:*
ibm http_server 6.0.2.11 cpe:2.3:a:ibm:http_server:6.0.2.11:*:*:*:*:*:*:*
ibm http_server 6.0.2.13 cpe:2.3:a:ibm:http_server:6.0.2.13:*:*:*:*:*:*:*
ibm http_server 6.0.2.15 cpe:2.3:a:ibm:http_server:6.0.2.15:*:*:*:*:*:*:*
ibm http_server 6.0.2.19 cpe:2.3:a:ibm:http_server:6.0.2.19:*:*:*:*:*:*:*
ibm http_server 6.0.2.21 cpe:2.3:a:ibm:http_server:6.0.2.21:*:*:*:*:*:*:*
ibm http_server 6.0.2.23 cpe:2.3:a:ibm:http_server:6.0.2.23:*:*:*:*:*:*:*
ibm http_server 6.0.2.25 cpe:2.3:a:ibm:http_server:6.0.2.25:*:*:*:*:*:*:*
ibm http_server 6.0.2.27 cpe:2.3:a:ibm:http_server:6.0.2.27:*:*:*:*:*:*:*
ibm http_server 6.0.2.29 cpe:2.3:a:ibm:http_server:6.0.2.29:*:*:*:*:*:*:*
ibm http_server 6.0.2.31 cpe:2.3:a:ibm:http_server:6.0.2.31:*:*:*:*:*:*:*
ibm http_server 6.0.2.33 cpe:2.3:a:ibm:http_server:6.0.2.33:*:*:*:*:*:*:*
ibm http_server 6.0.2.35 cpe:2.3:a:ibm:http_server:6.0.2.35:*:*:*:*:*:*:*
ibm http_server 6.0.2.37 cpe:2.3:a:ibm:http_server:6.0.2.37:*:*:*:*:*:*:*
ibm http_server 6.0.2.39 cpe:2.3:a:ibm:http_server:6.0.2.39:*:*:*:*:*:*:*
ibm http_server 6.1 cpe:2.3:a:ibm:http_server:6.1:*:*:*:*:*:*:*
ibm http_server 6.1.0.2 cpe:2.3:a:ibm:http_server:6.1.0.2:*:*:*:*:*:*:*
ibm http_server 6.1.0.3 cpe:2.3:a:ibm:http_server:6.1.0.3:*:*:*:*:*:*:*
ibm http_server 6.1.0.5 cpe:2.3:a:ibm:http_server:6.1.0.5:*:*:*:*:*:*:*
ibm http_server 6.1.0.7 cpe:2.3:a:ibm:http_server:6.1.0.7:*:*:*:*:*:*:*
ibm http_server 6.1.0.9 cpe:2.3:a:ibm:http_server:6.1.0.9:*:*:*:*:*:*:*
ibm http_server 6.1.0.11 cpe:2.3:a:ibm:http_server:6.1.0.11:*:*:*:*:*:*:*
ibm http_server 6.1.0.13 cpe:2.3:a:ibm:http_server:6.1.0.13:*:*:*:*:*:*:*
ibm http_server 6.1.0.15 cpe:2.3:a:ibm:http_server:6.1.0.15:*:*:*:*:*:*:*
ibm http_server 6.1.0.17 cpe:2.3:a:ibm:http_server:6.1.0.17:*:*:*:*:*:*:*
ibm http_server 6.1.0.19 cpe:2.3:a:ibm:http_server:6.1.0.19:*:*:*:*:*:*:*
ibm http_server 6.1.0.21 cpe:2.3:a:ibm:http_server:6.1.0.21:*:*:*:*:*:*:*
ibm http_server 6.1.0.23 cpe:2.3:a:ibm:http_server:6.1.0.23:*:*:*:*:*:*:*
ibm http_server 6.1.0.25 cpe:2.3:a:ibm:http_server:6.1.0.25:*:*:*:*:*:*:*
ibm http_server 6.1.0.27 cpe:2.3:a:ibm:http_server:6.1.0.27:*:*:*:*:*:*:*
ibm http_server 6.1.0.29 cpe:2.3:a:ibm:http_server:6.1.0.29:*:*:*:*:*:*:*
oracle http_server 10.1.3.5.0 cpe:2.3:a:oracle:http_server:10.1.3.5.0:*:*:*:*:*:*:*
broadcom vmware_ace_management_server < 2.7.2 cpe:2.3:a:broadcom:vmware_ace_management_server:*:*:*:*:*:*:*:*

References for CVE-2010-0425

URL Tags
http://httpd.apache.org/security/vulnerabilities_20.html Vendor Advisory
http://httpd.apache.org/security/vulnerabilities_22.html Vendor Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000105.html Broken Link
http://secunia.com/advisories/38978 Broken Link
http://secunia.com/advisories/39628 Broken Link
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870 Permissions Required
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&pathrev=917870 Permissions Required
http://svn.apache.org/viewvc?view=revision&revision=917870 Permissions Required
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09447 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247 Third Party Advisory
http://www.kb.cert.org/vuls/id/280613 Third Party Advisory US Government Resource
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html Third Party Advisory
http://www.securityfocus.com/bid/38494 Broken Link Exploit
http://www.securitytracker.com/id?1023701 Broken Link
http://www.senseofsecurity.com.au/advisories/SOS-10-002 Third Party Advisory URL Repurposed
http://www.vmware.com/security/advisories/VMSA-2010-0014.html Third Party Advisory
http://www.vupen.com/english/advisories/2010/0634 Broken Link Vendor Advisory
http://www.vupen.com/english/advisories/2010/0994 Broken Link Issue Tracking Mailing List Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56624 Third Party Advisory
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E Issue Tracking Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8439 Broken Link
https://www.exploit-db.com/exploits/11650 Third Party Advisory
cvelogic Threat Intelligence