4.3

CVE-2009-0023

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheApr-util Version <= 1.3.4
ApacheApr-util Version0.9.1
ApacheApr-util Version0.9.2
ApacheApr-util Version0.9.3
ApacheApr-util Version0.9.4
ApacheApr-util Version0.9.5
ApacheApr-util Version1.0
ApacheApr-util Version1.0.1
ApacheApr-util Version1.0.2
ApacheApr-util Version1.1.0
ApacheApr-util Version1.1.1
ApacheApr-util Version1.1.2
ApacheApr-util Version1.2.1
ApacheApr-util Version1.2.2
ApacheApr-util Version1.2.6
ApacheApr-util Version1.2.7
ApacheApr-util Version1.2.8
ApacheApr-util Version1.3.0
ApacheApr-util Version1.3.1
ApacheApr-util Version1.3.2
ApacheApr-util Version1.3.3
ApacheHTTP Server Version >= 2.2.0 < 2.2.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.53% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT3937
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3184
Third Party Advisory
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Third Party Advisory
http://secunia.com/advisories/35395
Third Party Advisory
http://www.ubuntu.com/usn/usn-787-1
Third Party Advisory
http://secunia.com/advisories/34724
Third Party Advisory
http://secunia.com/advisories/35284
Third Party Advisory
Vendor Advisory
http://secunia.com/advisories/35360
Third Party Advisory
Vendor Advisory
http://secunia.com/advisories/35444
Third Party Advisory
http://secunia.com/advisories/35487
Third Party Advisory
http://secunia.com/advisories/35565
Third Party Advisory
http://secunia.com/advisories/35710
Third Party Advisory
http://secunia.com/advisories/35797
Third Party Advisory
http://secunia.com/advisories/35843
Third Party Advisory
http://secunia.com/advisories/37221
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200907-03.xml
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
Third Party Advisory
http://svn.apache.org/viewvc?view=rev&revision=779880
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0144
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Third Party Advisory
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Third Party Advisory
http://www.debian.org/security/2009/dsa-1812
Patch
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1107.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1108.html
Third Party Advisory
http://www.securityfocus.com/archive/1/507855/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/35221
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-786-1
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1907
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=503928
Patch
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/50964
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
Third Party Advisory