apache/apr: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/apr Vulnerability Summary

• Vendor name: apache
• Product name: apr
• Total vulnerabilities: 7 (as 2023-05-04)

apache/apr Vulnerability List

CVE-2011-1928: The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3…

Published: 2011-05-24T23:55:00 Last Modified: 2018-01-06T02:29:00

Summary

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2011-1928 vulnerability.

References

• http://openwall.com/lists/oss-security/2011/05/19/5
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182
• http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E
• http://www.vupen.com/english/advisories/2011/1290
• http://openwall.com/lists/oss-security/2011/05/19/10
• https://issues.apache.org/bugzilla/show_bug.cgi?id=51219
• http://www.vupen.com/english/advisories/2011/1289
• http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005@apache.org%3e
• http://secunia.com/advisories/44558
• http://secunia.com/advisories/44661
• http://www.redhat.com/support/errata/RHSA-2011-0844.html
• http://secunia.com/advisories/44780
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:095
• http://secunia.com/advisories/44613
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
• http://marc.info/?l=bugtraq&m=134987041210674&w=2
• http://secunia.com/advisories/48308

See also: All popular products CVE Vulnerabilities of apache

CVE-2010-1623: Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache…

Published: 2010-10-04T21:00:00 Last Modified: 2021-06-06T11:15:00

Summary

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2010-1623 vulnerability.

References

• http://security-tracker.debian.org/tracker/CVE-2010-1623
• http://svn.apache.org/viewvc?view=revision&revision=1003495
• http://svn.apache.org/viewvc?view=revision&revision=1003492
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:192
• http://www.vupen.com/english/advisories/2010/2556
• http://svn.apache.org/viewvc?view=revision&revision=1003494
• http://svn.apache.org/viewvc?view=revision&revision=1003493
• http://www.vupen.com/english/advisories/2010/2557
• http://svn.apache.org/viewvc?view=revision&revision=1003626
• http://www.securityfocus.com/bid/43673
• http://secunia.com/advisories/41701
• http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
• http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html
• http://www.vupen.com/english/advisories/2010/2806
• http://secunia.com/advisories/42015
• http://secunia.com/advisories/42361
• http://ubuntu.com/usn/usn-1021-1
• http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak
• http://secunia.com/advisories/42403
• http://secunia.com/advisories/42367
• http://www.ubuntu.com/usn/USN-1022-1
• http://www.vupen.com/english/advisories/2010/3074
• http://secunia.com/advisories/42537
• http://www.vupen.com/english/advisories/2010/3065
• http://www.redhat.com/support/errata/RHSA-2010-0950.html
• http://www.vupen.com/english/advisories/2010/3064
• http://www.vupen.com/english/advisories/2011/0358
• http://secunia.com/advisories/43285
• http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828
• http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601
• http://secunia.com/advisories/43211
• http://www.redhat.com/support/errata/RHSA-2011-0897.html
• http://www.redhat.com/support/errata/RHSA-2011-0896.html
• http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
• http://marc.info/?l=bugtraq&m=130168502603566&w=2
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800
• https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-2699: The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable…

Published: 2009-10-13T10:30:00 Last Modified: 2021-06-06T11:15:00

Summary

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-2699 vulnerability.

References

• http://www.securityfocus.com/bid/36596
• http://www.apache.org/dist/httpd/CHANGES_2.2.14
• http://securitytracker.com/id?1022988
• https://issues.apache.org/bugzilla/show_bug.cgi?id=47645
• http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
• http://marc.info/?l=bugtraq&m=133355494609819&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53666
• https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-2412: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable…

Published: 2009-08-06T15:30:00 Last Modified: 2021-06-06T11:15:00

Summary

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 10.0
• Exploitability Score: 10.0
• CVSS: 10.0
• CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: COMPLETE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-2412 vulnerability.

References

• http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441&r2=800736
• http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/CHANGES?revision=800733&view=markup
• http://secunia.com/advisories/36138
• http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736&view=markup
• http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356&r2=800733
• http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735&view=markup
• http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687&r2=800735
• http://www.securityfocus.com/bid/35949
• http://secunia.com/advisories/36140
• http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/CHANGES?revision=800732&view=markup
• http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140&r2=800732
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:195
• http://osvdb.org/56766
• http://osvdb.org/56765
• http://www.ubuntu.com/usn/usn-813-2
• http://secunia.com/advisories/36166
• https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00353.html
• https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00320.html
• http://secunia.com/advisories/36233
• http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
• http://secunia.com/advisories/37152
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
• http://support.apple.com/kb/HT3937
• http://www.vupen.com/english/advisories/2009/3184
• http://secunia.com/advisories/37221
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK99482
• http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
• http://www.vupen.com/english/advisories/2010/1107
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9958
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8394
• https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-0023: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5…

Published: 2009-06-08T01:00:00 Last Modified: 2021-06-06T11:15:00

Summary

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-0023 vulnerability.

References

• http://www.debian.org/security/2009/dsa-1812
• http://www.securityfocus.com/bid/35221
• http://secunia.com/advisories/35284
• https://bugzilla.redhat.com/show_bug.cgi?id=503928
• http://secunia.com/advisories/35360
• http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
• http://svn.apache.org/viewvc?view=rev&revision=779880
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
• http://www.ubuntu.com/usn/usn-786-1
• http://www.redhat.com/support/errata/RHSA-2009-1108.html
• http://www.redhat.com/support/errata/RHSA-2009-1107.html
• http://secunia.com/advisories/35444
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
• http://secunia.com/advisories/34724
• http://secunia.com/advisories/35487
• http://secunia.com/advisories/35395
• http://www.ubuntu.com/usn/usn-787-1
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
• http://secunia.com/advisories/35565
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
• http://security.gentoo.org/glsa/glsa-200907-03.xml
• http://secunia.com/advisories/35710
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
• http://secunia.com/advisories/35797
• http://secunia.com/advisories/35843
• http://www.vupen.com/english/advisories/2009/1907
• http://support.apple.com/kb/HT3937
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
• http://www.vupen.com/english/advisories/2009/3184
• http://www-01.ibm.com/support/docview.wss?uid=swg27014463
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
• http://secunia.com/advisories/37221
• http://wiki.rpath.com/Advisories:rPSA-2009-0144
• http://marc.info/?l=bugtraq&m=129190899612998&w=2
• http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50964
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968
• http://www.securityfocus.com/archive/1/507855/100/0/threaded
• https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-1955: The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7,…

Published: 2009-06-08T01:00:00 Last Modified: 2021-06-06T11:15:00

Summary

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2009-1955 vulnerability.

• Apache mod_dav / svn - Remote Denial of Service by kingcope at 2009-06-01

References

• http://svn.apache.org/viewvc?view=rev&revision=781403
• http://www.debian.org/security/2009/dsa-1812
• http://secunia.com/advisories/35284
• http://marc.info/?l=apr-dev&m=124396021826125&w=2
• http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
• http://secunia.com/advisories/35360
• http://www.openwall.com/lists/oss-security/2009/06/03/4
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
• http://www.securityfocus.com/bid/35253
• http://www.ubuntu.com/usn/usn-786-1
• http://www.redhat.com/support/errata/RHSA-2009-1108.html
• http://www.redhat.com/support/errata/RHSA-2009-1107.html
• http://secunia.com/advisories/35487
• http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
• http://secunia.com/advisories/35444
• http://secunia.com/advisories/34724
• http://secunia.com/advisories/35395
• http://www.ubuntu.com/usn/usn-787-1
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
• http://secunia.com/advisories/35565
• http://secunia.com/advisories/35797
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
• http://secunia.com/advisories/35710
• http://secunia.com/advisories/35843
• http://security.gentoo.org/glsa/glsa-200907-03.xml
• http://www.vupen.com/english/advisories/2009/1907
• http://secunia.com/advisories/36473
• http://wiki.rpath.com/Advisories:rPSA-2009-0123
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
• http://support.apple.com/kb/HT3937
• http://www.vupen.com/english/advisories/2009/3184
• http://www-01.ibm.com/support/docview.wss?uid=swg27014463
• http://secunia.com/advisories/37221
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
• http://www.vupen.com/english/advisories/2010/1107
• http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
• http://marc.info/?l=bugtraq&m=129190899612998&w=2
• http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
• https://www.exploit-db.com/exploits/8842
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
• http://www.securityfocus.com/archive/1/506053/100/0/threaded
• https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E

See also: All popular products CVE Vulnerabilities of apache

CVE-2009-1956: Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-…

Published: 2009-06-08T01:00:00 Last Modified: 2021-06-06T11:15:00

Summary

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 4.9
• Exploitability Score: 10.0
• CVSS: 6.4
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-1956 vulnerability.

References

• http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
• http://svn.apache.org/viewvc?view=rev&revision=768417
• http://www.mail-archive.com/dev@apr.apache.org/msg21591.html
• http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
• https://bugzilla.redhat.com/show_bug.cgi?id=504390
• http://www.openwall.com/lists/oss-security/2009/06/06/1
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
• http://www.ubuntu.com/usn/usn-786-1
• http://www.securityfocus.com/bid/35251
• http://www.redhat.com/support/errata/RHSA-2009-1107.html
• http://www.redhat.com/support/errata/RHSA-2009-1108.html
• http://secunia.com/advisories/34724
• http://secunia.com/advisories/35487
• http://secunia.com/advisories/35395
• http://www.ubuntu.com/usn/usn-787-1
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
• https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
• http://secunia.com/advisories/35565
• http://secunia.com/advisories/35710
• http://secunia.com/advisories/35843
• http://security.gentoo.org/glsa/glsa-200907-03.xml
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
• http://secunia.com/advisories/35797
• http://secunia.com/advisories/35284
• http://www.vupen.com/english/advisories/2009/1907
• http://support.apple.com/kb/HT3937
• http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
• http://www.vupen.com/english/advisories/2009/3184
• http://www-01.ibm.com/support/docview.wss?uid=swg27014463
• http://secunia.com/advisories/37221
• http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
• http://marc.info/?l=bugtraq&m=129190899612998&w=2
• http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12237
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11567
• https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E

See also: All popular products CVE Vulnerabilities of apache