Vulnerability DatabaseCVE-2009-0023
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2009-0023
June 06, 2009
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Related Resources (58)
http://www.vupen.com/english/advisories/2009/1907
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
http://www.securityfocus.com/bid/35221
http://secunia.com/advisories/35710
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://security.gentoo.org/glsa/glsa-200907-03.xml
http://www.redhat.com/support/errata/RHSA-2009-1107.html
http://support.apple.com/kb/HT3937
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
http://www.debian.org/security/2009/dsa-1812
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/37221
https://access.redhat.com/security/cve/CVE-2009-0023
http://secunia.com/advisories/35360
http://secunia.com/advisories/35565
http://secunia.com/advisories/35395
http://secunia.com/advisories/35487
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
http://www.ubuntu.com/usn/usn-786-1
http://www.redhat.com/support/errata/RHSA-2009-1108.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
http://www.vupen.com/english/advisories/2009/3184
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
https://exchange.xforce.ibmcloud.com/vulnerabilities/50964
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0023
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
http://wiki.rpath.com/Advisories:rPSA-2009-0144
http://svn.apache.org/viewvc?view=rev&revision=779880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://secunia.com/advisories/35797
http://www.ubuntu.com/usn/usn-787-1
http://secunia.com/advisories/35284
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
https://bugzilla.redhat.com/show_bug.cgi?id=503928
http://secunia.com/advisories/35444
http://secunia.com/advisories/34724
http://www.securityfocus.com/archive/1/507855/100/0/threaded
http://secunia.com/advisories/35843
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
CVSS v2
Base Score:
4.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
14.79