Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-0023

Опубликовано: 08 июн. 2009
Источник: nvd
CVSS2: 4.3
EPSS Средний

Описание

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*
Версия до 1.3.4 (включая)
cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 2.2.0 (включая) до 2.2.12 (исключая)

EPSS

Процентиль: 93%
0.1007
Средний

4.3 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2009-0023

ubuntu
около 16 лет назад

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

redhat логотип

CVE-2009-0023

redhat
около 16 лет назад

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

debian логотип

CVE-2009-0023

debian
около 16 лет назад

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apa ...

github логотип

GHSA-8jp8-5574-2q6q

github
около 3 лет назад

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

oracle-oval логотип

ELSA-2009-1107

oracle-oval
около 16 лет назад

ELSA-2009-1107: apr-util security update (MODERATE)

EPSS

Процентиль: 93%
0.1007
Средний

4.3 Medium

CVSS2

Дефекты

CWE-119