Vulnerability-Lookup

CVE-2009-0023 (GCVE-0-2009-0023)

Vulnerability from cvelistv5 – Published: 2009-06-06 18:00 – Updated: 2024-08-07 04:17

Summary

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/35487	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1812	vendor-advisoryx_refsource_DEBIAN
	http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1907	vdb-entryx_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/35444	third-party-advisoryx_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg…	vendor-advisoryx_refsource_AIXAPAR
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/35360	third-party-advisoryx_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=503928	x_refsource_CONFIRM
	http://secunia.com/advisories/35395	third-party-advisoryx_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg…	vendor-advisoryx_refsource_AIXAPAR
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/35284	third-party-advisoryx_refsource_SECUNIA
	http://www-01.ibm.com/support/docview.wss?uid=swg…	vendor-advisoryx_refsource_AIXAPAR
	http://www.securityfocus.com/archive/1/507855/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/35221	vdb-entryx_refsource_BID
	http://secunia.com/advisories/35843	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=129190899612998&w=2	vendor-advisoryx_refsource_HP
	http://wiki.rpath.com/Advisories:rPSA-2009-0144	x_refsource_CONFIRM
	http://secunia.com/advisories/35797	third-party-advisoryx_refsource_SECUNIA
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200907-03.xml	vendor-advisoryx_refsource_GENTOO
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.ubuntu.com/usn/usn-786-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/34724	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/37221	third-party-advisoryx_refsource_SECUNIA
	http://svn.apache.org/viewvc?view=rev&revision=779880	x_refsource_CONFIRM
	http://secunia.com/advisories/35565	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/3184	vdb-entryx_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=129190899612998&w=2	vendor-advisoryx_refsource_HP
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/35710	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	http://support.apple.com/kb/HT3937	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/usn-787-1	vendor-advisoryx_refsource_UBUNTU
	https://lists.apache.org/thread.html/8d63cb8e9100…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/f7f95ac1cd98…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r57608dc51b7…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfbaf647d52c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r7dd6be4dc38…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9ea3538f229…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r84d043c2115…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rdca61ae9906…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc4c53a0d57b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r8c9983f1172…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rad01d817195…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r75cbe9ea3e2…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35487"
          },
          {
            "name": "DSA-1812",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
          },
          {
            "name": "ADV-2009-1907",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1907"
          },
          {
            "name": "FEDORA-2009-5969",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
          },
          {
            "name": "35444",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35444"
          },
          {
            "name": "PK88341",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
          },
          {
            "name": "MDVSA-2009:131",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
          },
          {
            "name": "35360",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35360"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
          },
          {
            "name": "35395",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35395"
          },
          {
            "name": "PK99478",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
          },
          {
            "name": "oval:org.mitre.oval:def:12321",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
          },
          {
            "name": "apache-aprstrmatchprecompile-dos(50964)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
          },
          {
            "name": "35284",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35284"
          },
          {
            "name": "PK91241",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
          },
          {
            "name": "20091112 rPSA-2009-0144-1 apr-util",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
          },
          {
            "name": "35221",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35221"
          },
          {
            "name": "35843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35843"
          },
          {
            "name": "FEDORA-2009-6014",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
          },
          {
            "name": "RHSA-2009:1108",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
          },
          {
            "name": "HPSBUX02612",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
          },
          {
            "name": "35797",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35797"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
          },
          {
            "name": "GLSA-200907-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:10968",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
          },
          {
            "name": "FEDORA-2009-6261",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
          },
          {
            "name": "USN-786-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-786-1"
          },
          {
            "name": "34724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34724"
          },
          {
            "name": "37221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880"
          },
          {
            "name": "35565",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35565"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "SSRT100345",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "SSA:2009-167-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "MDVSA-2013:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "name": "35710",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35710"
          },
          {
            "name": "RHSA-2009:1107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "name": "USN-787-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-787-1"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:06:17.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "35487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35487"
        },
        {
          "name": "DSA-1812",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
        },
        {
          "name": "ADV-2009-1907",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1907"
        },
        {
          "name": "FEDORA-2009-5969",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
        },
        {
          "name": "35444",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35444"
        },
        {
          "name": "PK88341",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
        },
        {
          "name": "MDVSA-2009:131",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
        },
        {
          "name": "35360",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35360"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
        },
        {
          "name": "35395",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35395"
        },
        {
          "name": "PK99478",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
        },
        {
          "name": "oval:org.mitre.oval:def:12321",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
        },
        {
          "name": "apache-aprstrmatchprecompile-dos(50964)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
        },
        {
          "name": "35284",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35284"
        },
        {
          "name": "PK91241",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
        },
        {
          "name": "20091112 rPSA-2009-0144-1 apr-util",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
        },
        {
          "name": "35221",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35221"
        },
        {
          "name": "35843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35843"
        },
        {
          "name": "FEDORA-2009-6014",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
        },
        {
          "name": "RHSA-2009:1108",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
        },
        {
          "name": "HPSBUX02612",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
        },
        {
          "name": "35797",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35797"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
        },
        {
          "name": "GLSA-200907-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:10968",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
        },
        {
          "name": "FEDORA-2009-6261",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
        },
        {
          "name": "USN-786-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-786-1"
        },
        {
          "name": "34724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34724"
        },
        {
          "name": "37221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880"
        },
        {
          "name": "35565",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35565"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "name": "SSRT100345",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
        },
        {
          "name": "SSA:2009-167-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "MDVSA-2013:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
        },
        {
          "name": "35710",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35710"
        },
        {
          "name": "RHSA-2009:1107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        },
        {
          "name": "USN-787-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-787-1"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210422 svn commit: r1074079 [2/3] - in /websites/staging/httpd/trunk/content: ./ apreq/ contribute/ contributors/ dev/ docs-project/ docs/ info/ mod_fcgid/ mod_ftp/ mod_mbox/ mod_smtpd/ modules/ security/ test/ test/flood/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0023",
    "datePublished": "2009-06-06T18:00:00.000Z",
    "dateReserved": "2008-12-15T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:17:10.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-471

Vulnerability from certfr_avis - Published: 2009-11-03 - Updated: 2009-11-03

Plusieurs vulnérabilités dans IBM WebSphere permettent de provoquer un déni de service à distance ou d'injecter des requêtes illégitimes par rebond.

Description

De multiples vulnérabilités ont été découvertes dans IBM WebSphere :

plusieurs vulnérabilités permettent de provoquer un déni de service à distance sur l'APR Apache ;
une erreur de traitement dans l'interface Apr_xml_* permet de provoquer un déni de service ;
la console d'administration permet aux utilisateurs d'effectuer des actions malveillantes par le biais de requêtes HTTP non vérifiées ;
une erreur de traitement dans le serveur Web embarqué permet de provoquer un déni de service par le biais de requêtes HTTP spécialement conçues.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	WebSphere	IBM WebSphere Application Server 7.0.x.

References

Title

Publication Time

Tags

Bulletin de sécurité IBM PK99478 du 29 octobre 2009	None	vendor-advisory
Bulletin de sécurité IBM PK99480 du 29 octobre 2009	None	vendor-advisory
Bulletin de sécurité IBM PK99477 du 29 octobre 2009	None	vendor-advisory
Référence Bulletin de sécurité IBM PK99477 du 29 octobre 2009 :	-	other
Référence Bulletin de sécurité IBM PK99480 du 29 octobre 2009 :	-	other
Référence Bulletin de sécurité IBM PK99478 du 29 octobre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM WebSphere Application Server 7.0.x.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM WebSphere :\n\n-   plusieurs vuln\u00e9rabilit\u00e9s permettent de provoquer un d\u00e9ni de service\n    \u00e0 distance sur l\u0027APR Apache ;\n-   une erreur de traitement dans l\u0027interface Apr_xml\\_\\* permet de\n    provoquer un d\u00e9ni de service ;\n-   la console d\u0027administration permet aux utilisateurs d\u0027effectuer des\n    actions malveillantes par le biais de requ\u00eates HTTP non v\u00e9rifi\u00e9es ;\n-   une erreur de traitement dans le serveur Web embarqu\u00e9 permet de\n    provoquer un d\u00e9ni de service par le biais de requ\u00eates HTTP\n    sp\u00e9cialement con\u00e7ues.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    }
  ],
  "initial_release_date": "2009-11-03T00:00:00",
  "last_revision_date": "2009-11-03T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence Bulletin de s\u00e9curit\u00e9 IBM PK99477 du 29 octobre    2009 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99477"
    },
    {
      "title": "R\u00e9f\u00e9rence Bulletin de s\u00e9curit\u00e9 IBM PK99480 du 29 octobre    2009 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480"
    },
    {
      "title": "R\u00e9f\u00e9rence Bulletin de s\u00e9curit\u00e9 IBM PK99478 du 29 octobre    2009 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
    }
  ],
  "reference": "CERTA-2009-AVI-471",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans IBM WebSphere permettent de provoquer un\nd\u00e9ni de service \u00e0 distance ou d\u0027injecter des requ\u00eates ill\u00e9gitimes par\nrebond.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere pour z/OS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM PK99478 du 29 octobre 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM PK99480 du 29 octobre 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM PK99477 du 29 octobre 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-244

Vulnerability from certfr_avis - Published: 2009-06-19 - Updated: 2009-06-19

Plusieurs vulnérabilités présentes dans APR-util permettent à un utilisateur distant de provoquer un déni de service ou de porter atteinte à la confidentialité de certaines données.

Description

APR-util (Apache Portable Runtime) est une bibliothèque de fonctions constituant un socle commun et multi-platforme d'outils sur lesquels s'appuie le serveur Web Apache pour fonctionner. Trois vulnérabilités sont présentes dans cette bibliothèque :

La première (CVE-2009-1955) est relative à la manipulation des fichiers au format XML et permet à un utilisateur distant de provoquer un déni de service par le biais d'un fichier XML particulier ;
la seconde (CVE-2009-0023) concerne la fonction apr_strmatch_precompile() et permet à un utilisateur distant de provoquer un déni de service ;
la dernière (CVE-2009-1956) est présente dans la fonction apr_brigade_vprintf() et permet à un utilisateur distant de provoquer un déni de service ou d'obtenir un contenu partiel de la mémoire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	toutes les versions de APR-util antérieures à 1.3.7 : CVE-2009-1955.
	N/A	N/A	toutes les versions de APR-util antérieures à 1.3.5 : CVE-2009-0023 et CVE-2009-1956 ;

References

Title

Publication Time

Tags

Liste des changements apportés à la version 1.3.7 de APR-util	None	vendor-advisory
Bulletin de sécurité Mandriva MDVSA-2009:131 du 06 juin 2009 :	-	other
Bulletin de sécurité Ubuntu USN-786-1 du 10 juin 2009 :	-	other
liste des changements apportés aux versions 1.3.5 et 1.3.7 de APR-util :	-	other
Bulletin de sécurité Debian DSA 1812 du 04 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "toutes les versions de APR-util ant\u00e9rieures \u00e0 1.3.7 : CVE-2009-1955.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "toutes les versions de APR-util ant\u00e9rieures \u00e0 1.3.5 : CVE-2009-0023 et CVE-2009-1956 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nAPR-util (Apache Portable Runtime) est une biblioth\u00e8que de fonctions\nconstituant un socle commun et multi-platforme d\u0027outils sur lesquels\ns\u0027appuie le serveur Web Apache pour fonctionner. Trois vuln\u00e9rabilit\u00e9s\nsont pr\u00e9sentes dans cette biblioth\u00e8que :\n\n-   La premi\u00e8re (CVE-2009-1955) est relative \u00e0 la manipulation des\n    fichiers au format XML et permet \u00e0 un utilisateur distant de\n    provoquer un d\u00e9ni de service par le biais d\u0027un fichier XML\n    particulier ;\n-   la seconde (CVE-2009-0023) concerne la fonction\n    apr_strmatch_precompile() et permet \u00e0 un utilisateur distant de\n    provoquer un d\u00e9ni de service ;\n-   la derni\u00e8re (CVE-2009-1956) est pr\u00e9sente dans la fonction\n    apr_brigade_vprintf() et permet \u00e0 un utilisateur distant de\n    provoquer un d\u00e9ni de service ou d\u0027obtenir un contenu partiel de la\n    m\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    }
  ],
  "initial_release_date": "2009-06-19T00:00:00",
  "last_revision_date": "2009-06-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2009:131 du 06 juin    2009 :",
      "url": "http://www.mandriva.com/archives/security/advisories"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-786-1 du 10 juin 2009 :",
      "url": "http://www.ubuntulinux.org/usn/usn-786-1"
    },
    {
      "title": "liste des changements apport\u00e9s aux versions 1.3.5 et 1.3.7    de APR-util :",
      "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1812 du 04 juin 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1812"
    }
  ],
  "reference": "CERTA-2009-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans APR-util permettent \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service ou de porter\natteinte \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de APR-util",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Liste des changements apport\u00e9s \u00e0 la version 1.3.7 de APR-util",
      "url": null
    }
  ]
}

CERTA-2009-AVI-487

Vulnerability from certfr_avis - Published: 2009-11-10 - Updated: 2009-11-10

De multiples vulnérabilités dans Apple MacOS X permettent entre autres l'exécution de code arbitraire à distance.

Description

L'éditeur Apple a publié un ensemble de correctifs pour les applications livrées avec son système d'exploitation Mac OS X. L'exploitation des vulnérabilités par une personne malintentionnée pourrait permettre, entre autres, l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3937 du 09 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027\u00e9diteur Apple a publi\u00e9 un ensemble de correctifs pour les applications\nlivr\u00e9es avec son syst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation des\nvuln\u00e9rabilit\u00e9s par une personne malintentionn\u00e9e pourrait permettre,\nentre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2832"
    },
    {
      "name": "CVE-2009-3293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3293"
    },
    {
      "name": "CVE-2009-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2820"
    },
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2009-3292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3292"
    },
    {
      "name": "CVE-2009-2839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2839"
    },
    {
      "name": "CVE-2009-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2825"
    },
    {
      "name": "CVE-2009-2810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2810"
    },
    {
      "name": "CVE-2009-2411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2411"
    },
    {
      "name": "CVE-2009-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-2798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2798"
    },
    {
      "name": "CVE-2007-6698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6698"
    },
    {
      "name": "CVE-2009-2833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2833"
    },
    {
      "name": "CVE-2009-2203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2203"
    },
    {
      "name": "CVE-2009-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2823"
    },
    {
      "name": "CVE-2009-2840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2840"
    },
    {
      "name": "CVE-2009-2824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2824"
    },
    {
      "name": "CVE-2009-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2819"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-2838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2838"
    },
    {
      "name": "CVE-2009-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1632"
    },
    {
      "name": "CVE-2009-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2818"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2007-5707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5707"
    },
    {
      "name": "CVE-2008-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0658"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2009-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1195"
    },
    {
      "name": "CVE-2009-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
    },
    {
      "name": "CVE-2009-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2808"
    },
    {
      "name": "CVE-2009-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2830"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2009-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3111"
    },
    {
      "name": "CVE-2009-2829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2829"
    },
    {
      "name": "CVE-2009-2826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2826"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2009-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2285"
    },
    {
      "name": "CVE-2009-3291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3291"
    },
    {
      "name": "CVE-2009-2837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2837"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    },
    {
      "name": "CVE-2009-2836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2836"
    },
    {
      "name": "CVE-2009-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2799"
    },
    {
      "name": "CVE-2009-1574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1574"
    },
    {
      "name": "CVE-2009-2835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2835"
    },
    {
      "name": "CVE-2009-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2831"
    },
    {
      "name": "CVE-2009-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3235"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    },
    {
      "name": "CVE-2009-2828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2828"
    },
    {
      "name": "CVE-2009-2202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2202"
    }
  ],
  "initial_release_date": "2009-11-10T00:00:00",
  "last_revision_date": "2009-11-10T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-487",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X permettent entre autres\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3937 du 09 novembre 2009",
      "url": "http://docs.info.apple.com/article.html?artnum=HT3937"
    }
  ]
}

CERTA-2010-AVI-211

Vulnerability from certfr_avis - Published: 2010-05-14 - Updated: 2010-05-14

IBM publie un correctif cumulatif remédiant à des vulnérabilités de son serveur HTTP dont les plus graves permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités sont corrigées dans le correctif cumulatif. Elles permettaient à un utilisateur malveillant de réaliser :

de l'exécution de code arbitraire à distance ;
un déni de service à distance ;
un contournement de la politique de sécurité ;
une atteinte à la confidentialité des données ;
une élévation de privilèges ;
de l'injection de code indirecte à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM HTTP Server 2.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg1PM10658 du 10 mai 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM HTTP Server 2.x.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont corrig\u00e9es dans le correctif cumulatif.\nElles permettaient \u00e0 un utilisateur malveillant de r\u00e9aliser\u00a0:\n\n-   de l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   un d\u00e9ni de service \u00e0 distance ;\n-   un contournement de la politique de s\u00e9curit\u00e9 ;\n-   une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ;\n-   une \u00e9l\u00e9vation de privil\u00e8ges ;\n-   de l\u0027injection de code indirecte \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2010-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
    },
    {
      "name": "CVE-2009-3094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2010-0425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0425"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    }
  ],
  "initial_release_date": "2010-05-14T00:00:00",
  "last_revision_date": "2010-05-14T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-211",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "IBM publie un correctif cumulatif rem\u00e9diant \u00e0 des vuln\u00e9rabilit\u00e9s de son\nserveur HTTP dont les plus graves permettent \u00e0 un utilisateur\nmalveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans le serveur HTTP d\u0027IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PM10658 du 10 mai 2010",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
    }
  ]
}

CERTA-2012-AVI-023

Vulnerability from certfr_avis - Published: 2012-01-18 - Updated: 2012-01-18

Plusieurs vulnérabilités découvertes dans les produits IBM ont été corrigées par l'éditeur.

Description

Plusieurs vulnérabilités dans les produits IBM peuvent être exploitées par une personne malintentionnée afin de contourner la politique de sécurité, d'injecter du code indirect à distance, de réaliser un déni de service distant, d'élever ses privilèges ou encore d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Rational License Key Server 8.x ;
IBM	WebSphere	IBM WebSphere Application Server 6.1.x ;
IBM	WebSphere	IBM WebSphere Application Server 7.0.x ;
IBM	N/A	IBM HTTP Server 7.0.x.
IBM	WebSphere	IBM WebSphere Application Server 8.0.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM swg21577760 du 10 janvier 2012 :	-	other
Bulletin de sécurité IBM swg27014506 du 16 janvier 2012 :	-	other
Bulletin de sécurité IBM swg1PM54061 du 12 janvier 2012 :	-	other
Bulletin de sécurité IBM swg1PM48384 du 21 septembre 2011 :	-	other
Bulletin de sécurité IBM swg24031821 du 17 janvier 2012 :	-	other
Bulletin de sécurité IBM swg1PM50426 du 19 octobre 2011 :	-	other
Bulletin de sécurité IBM swg1PM45731 du 12 janvier 2012 :	-	other
Bulletin de sécurité IBM swg227022958 du 16 janvier 2012 :	-	other
Bulletin de sécurité IBM swg1PM47852 du 14 septembre 2011 :	-	other
Bulletin de sécurité IBM swg227014463 du 16 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Rational License Key Server 8.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server 6.1.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server 7.0.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM HTTP Server 7.0.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server 8.0.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans les produits IBM peuvent \u00eatre exploit\u00e9es\npar une personne malintentionn\u00e9e afin de contourner la politique de\ns\u00e9curit\u00e9, d\u0027injecter du code indirect \u00e0 distance, de r\u00e9aliser un d\u00e9ni de\nservice distant, d\u0027\u00e9lever ses privil\u00e8ges ou encore d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
    },
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2011-3348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3348"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2011-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1389"
    },
    {
      "name": "CVE-2010-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
    },
    {
      "name": "CVE-2010-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1623"
    },
    {
      "name": "CVE-2009-3094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2009-1195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1195"
    },
    {
      "name": "CVE-2010-0408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2011-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3639"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2011-0419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0419"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    }
  ],
  "initial_release_date": "2012-01-18T00:00:00",
  "last_revision_date": "2012-01-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21577760 du 10 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21577760"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27014506 du 16 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PM54061 du 12 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM54061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PM48384 du 21 septembre 2011 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM48384"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24031821 du 17 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24031821"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PM50426 du 19 octobre 2011 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM50426"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PM45731 du 12 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM45731"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg227022958 du 16 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg227022958"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PM47852 du 14 septembre 2011 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM47852"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg227014463 du 16 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg227014463"
    }
  ],
  "reference": "CERTA-2012-AVI-023",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits IBM ont \u00e9t\u00e9\ncorrig\u00e9es par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": []
}

CERTA-2013-AVI-247

Vulnerability from certfr_avis - Published: 2013-04-17 - Updated: 2013-04-17

De multiples vulnérabilités ont été corrigées dans Oracle Fusion Middleware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle WebLogic Server version 12.1.1
Oracle	N/A	Oracle WebCenter Sites version 7.6.2
Oracle	N/A	Oracle HTTP Server version 11.1.1.6.0
Oracle	N/A	Oracle COREid Access version 10.1.4.3.0
Oracle	N/A	Oracle WebCenter Interaction version 10.3.3.0
Oracle	N/A	Oracle HTTP Server version 10.1.3.5
Oracle	N/A	Oracle WebLogic Server version 10.3.5
Oracle	N/A	Oracle WebCenter Content version 10.1.3.5.1
Oracle	N/A	Oracle WebCenter Sites version 11.1.1.6.1
Oracle	N/A	Oracle Web Services Manager version 11.1.1.6.0
Oracle	N/A	Oracle JRockit versions R27.7.4 et antérieures
Oracle	N/A	Oracle Outside In Technology version 8.4.0
Oracle	N/A	Oracle WebCenter Content version 11.1.1.6.0
Oracle	N/A	Oracle WebCenter Interaction version 6.5.1
Oracle	N/A	Oracle WebLogic Server version 10.3.6
Oracle	N/A	Oracle HTTP Server version 11.1.1.5.0
Oracle	N/A	Oracle GoldenGate Veridata version 3.0.0.11
Oracle	N/A	Oracle WebLogic Server version 10.0.2
Oracle	N/A	Oracle WebCenter Capture version 10.1.3.5.1
Oracle	N/A	Oracle WebCenter Sites version 11.1.1.6.0
Oracle	N/A	Oracle Outside In Technology version 8.3.7
Oracle	N/A	Oracle JRockit versions R28.2.6 et antérieures
Oracle	N/A	Oracle Containers pour J2EE version 10.1.3.5

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle CPUApr2013 du 16 avril 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle WebLogic Server version 12.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Sites version 7.6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle HTTP Server version 11.1.1.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle COREid Access version 10.1.4.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Interaction version 10.3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle HTTP Server version 10.1.3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server version 10.3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Content version 10.1.3.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Sites version 11.1.1.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Web Services Manager version 11.1.1.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions R27.7.4 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology version 8.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Content version 11.1.1.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Interaction version 6.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server version 10.3.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle HTTP Server version 11.1.1.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GoldenGate Veridata version 3.0.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server version 10.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Capture version 10.1.3.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebCenter Sites version 11.1.1.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology version 8.3.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions R28.2.6 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Containers pour J2EE version 10.1.3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-1497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1497"
    },
    {
      "name": "CVE-2013-1509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1509"
    },
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2007-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1862"
    },
    {
      "name": "CVE-2013-1542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1542"
    },
    {
      "name": "CVE-2013-1516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1516"
    },
    {
      "name": "CVE-2010-2791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2791"
    },
    {
      "name": "CVE-2013-1514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1514"
    },
    {
      "name": "CVE-2012-4303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4303"
    },
    {
      "name": "CVE-2013-1522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1522"
    },
    {
      "name": "CVE-2009-2699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2699"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2013-1565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1565"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2009-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
    },
    {
      "name": "CVE-2013-2380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2380"
    },
    {
      "name": "CVE-2013-2390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2390"
    },
    {
      "name": "CVE-2010-0408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0408"
    },
    {
      "name": "CVE-2013-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1545"
    },
    {
      "name": "CVE-2013-1503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1503"
    },
    {
      "name": "CVE-2013-2393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2393"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2013-1553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1553"
    },
    {
      "name": "CVE-2013-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1559"
    },
    {
      "name": "CVE-2012-2751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2751"
    },
    {
      "name": "CVE-2013-1504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1504"
    },
    {
      "name": "CVE-2013-1529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1529"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    }
  ],
  "initial_release_date": "2013-04-17T00:00:00",
  "last_revision_date": "2013-04-17T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-247",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Fusion Middleware\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Fusion Middleware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle CPUApr2013 du 16 avril 2013",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
    }
  ]
}

CERTA-2009-AVI-408

Vulnerability from certfr_avis - Published: 2009-09-25 - Updated: 2009-09-25

De multiples vulnérabilités permettant d'accéder à des données sensibles ou de réaliser un déni de service ont été découvertes dans le serveur Internet IBM HTTP Server.

Description

De nombreuses vulnérabilités ont été découvertes dans le serveur IBM HTTP Server. L'exploitation de ces vulnérabilités permet d'accéder à des informations sensibles ou de réaliser un déni de service à distance.

L'éditeur n'a pas fourni plus d'informations sur l'exploitation de ces vulnérabilités.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM HTTP Server versions 6.1.x ;
IBM	N/A	IBM HTTP Server versions 6.0.x ;
IBM	N/A	IBM HTTP Server versions 7.0.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 4023947 du 08 septembre 2009	None	vendor-advisory
Bulletin de sécurité IBM swg24023947 du 08 septembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM HTTP Server versions 6.1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM HTTP Server versions 6.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM HTTP Server versions 7.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le serveur IBM\nHTTP Server. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet d\u0027acc\u00e9der \u00e0 des\ninformations sensibles ou de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n\nL\u0027\u00e9diteur n\u0027a pas fourni plus d\u0027informations sur l\u0027exploitation de ces\nvuln\u00e9rabilit\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1890"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
    },
    {
      "name": "CVE-2009-1956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
    },
    {
      "name": "CVE-2009-1955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
    }
  ],
  "initial_release_date": "2009-09-25T00:00:00",
  "last_revision_date": "2009-09-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24023947 du 08 septembre 2009 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023947"
    }
  ],
  "reference": "CERTA-2009-AVI-408",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant d\u0027acc\u00e9der \u00e0 des donn\u00e9es sensibles\nou de r\u00e9aliser un d\u00e9ni de service ont \u00e9t\u00e9 d\u00e9couvertes dans le serveur\nInternet IBM HTTP Server.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM HTTP Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 4023947 du 08 septembre 2009",
      "url": null
    }
  ]
}

GSD-2009-0023

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0023

Aliases

CVE-2009-0023

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0023",
    "description": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
    "id": "GSD-2009-0023",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0023.html",
      "https://www.debian.org/security/2009/dsa-1812",
      "https://access.redhat.com/errata/RHSA-2010:0602",
      "https://access.redhat.com/errata/RHSA-2009:1160",
      "https://access.redhat.com/errata/RHSA-2009:1108",
      "https://access.redhat.com/errata/RHSA-2009:1107",
      "https://linux.oracle.com/cve/CVE-2009-0023.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0023"
      ],
      "details": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
      "id": "GSD-2009-0023",
      "modified": "2023-12-13T01:19:44.204045Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-0023",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "http://secunia.com/advisories/37221",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/37221"
          },
          {
            "name": "http://support.apple.com/kb/HT3937",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/3184",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
            "refsource": "MISC",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
          },
          {
            "name": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "http://secunia.com/advisories/34724",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34724"
          },
          {
            "name": "http://secunia.com/advisories/35284",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35284"
          },
          {
            "name": "http://secunia.com/advisories/35360",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35360"
          },
          {
            "name": "http://secunia.com/advisories/35395",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35395"
          },
          {
            "name": "http://secunia.com/advisories/35444",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35444"
          },
          {
            "name": "http://secunia.com/advisories/35487",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35487"
          },
          {
            "name": "http://secunia.com/advisories/35565",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35565"
          },
          {
            "name": "http://secunia.com/advisories/35710",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35710"
          },
          {
            "name": "http://secunia.com/advisories/35797",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35797"
          },
          {
            "name": "http://secunia.com/advisories/35843",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35843"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200907-03.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
          },
          {
            "name": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880",
            "refsource": "MISC",
            "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0144",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341",
            "refsource": "MISC",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241",
            "refsource": "MISC",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478",
            "refsource": "MISC",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
            "refsource": "MISC",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
          },
          {
            "name": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
            "refsource": "MISC",
            "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
          },
          {
            "name": "http://www.debian.org/security/2009/dsa-1812",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2009/dsa-1812"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1107.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1108.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/507855/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/35221",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/35221"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-786-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-786-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-787-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-787-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1907",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1907"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
          },
          {
            "name": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=503928",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "16176496-B955-4F98-A395-9709C927D9BC",
                    "versionEndIncluding": "1.3.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6EC87975-74CA-42E6-84ED-0DD2BF9FFC78",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9A896FA5-D3FC-4BD9-965A-C9A72D62780D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D8EDB1D0-82A9-462F-9B3B-0EDF452341E2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F9DFFEDC-F5C7-47C7-95A9-6BF4208A1B48",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E87B09F2-ECEA-409D-B27B-0747280D4AC6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "67AB6223-9546-4906-B502-C82E3969FC76",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6459BE22-2334-48B3-85B8-5BEEB05A5399",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A24FB91C-33BC-4305-AD53-0385E3B3F091",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "617C8C4B-8367-4EFB-8DA1-88986F6CDACA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D85D6B73-F2CB-427D-9896-6BA79BE96FB5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "39B4A447-29CC-4D35-B25D-FA845785E66B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "08B50283-4187-42F7-A2A3-F5789706708B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "40FD8140-F1E0-4F99-ACDA-926C0ACDC00E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "61D253E8-528E-47B3-887A-C540A8D91E0D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BD1CD8A7-6F0A-4BEB-8E8A-BEDAB71921E3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B1D0594C-E2FF-4557-80E6-8F51A4D94F7A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1E706184-E7BC-452F-82FE-72EA8C37F4D6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "867962AD-8EF4-4DC4-96F6-77896CEF3F92",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0EB78030-8C3B-4ACA-B62B-DC5DC5FBD073",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E53CBDDE-D914-49A8-B65C-9352487B3CBA",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8BBBCFC4-2CFE-42A2-BE6F-2710EB3921A9",
                    "versionEndExcluding": "2.2.12",
                    "versionStartIncluding": "2.2.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow."
          },
          {
            "lang": "es",
            "value": "La funci\u00f3n apr_strmatch_precompile en strmatch/apr_strmatch.c en Apache APR-util anteriores a v1.3.5 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una entrada manipulada en 1) un fichero .htaccess utilizado con el Servidor Apache HTTP, (2) la directiva SVNMasterURI en el m\u00f3dulo mod_dav_svn en el Servidor Apache HTTP, (3) el m\u00f3dulo mod_apreq2 para el Servidor Apache HTTP, o (4) una aplicaci\u00f3n que utiliza la librer\u00eda libapreq2, relativa a un \"bandera de desbordamiento inferior\"."
          }
        ],
        "id": "CVE-2009-0023",
        "lastModified": "2024-02-02T16:32:50.033",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ]
        },
        "published": "2009-06-08T01:00:00.530",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/34724"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/35284"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/35360"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/35395"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/35444"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/35487"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/35565"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/35710"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/35797"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/35843"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://secunia.com/advisories/37221"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1812"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/35221"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-786-1"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.ubuntu.com/usn/usn-787-1"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1907"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-119"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-8JP8-5574-2Q6Q

Vulnerability from github – Published: 2022-05-02 03:12 – Updated: 2025-04-09 04:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-08T01:00:00Z",
    "severity": "MODERATE"
  },
  "details": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
  "id": "GHSA-8jp8-5574-2q6q",
  "modified": "2025-04-09T04:10:31Z",
  "published": "2022-05-02T03:12:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35284"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35360"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35395"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35444"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35487"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35565"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35710"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35797"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35843"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37221"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
    },
    {
      "type": "WEB",
      "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1812"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35221"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-786-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-787-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1907"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-0023

Vulnerability from fkie_nvd - Published: 2009-06-08 01:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	Mailing List, Third Party Advisory
secalert@redhat.com	http://marc.info/?l=bugtraq&m=129190899612998&w=2	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/34724	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35284	Third Party Advisory, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/35360	Third Party Advisory, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/35395	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35444	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35487	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35565	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35710	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35797	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/35843	Third Party Advisory
secalert@redhat.com	http://secunia.com/advisories/37221	Third Party Advisory
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200907-03.xml	Third Party Advisory
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210	Third Party Advisory
secalert@redhat.com	http://support.apple.com/kb/HT3937	Third Party Advisory
secalert@redhat.com	http://svn.apache.org/viewvc?view=rev&revision=779880	Third Party Advisory
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2009-0144	Third Party Advisory
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341	Third Party Advisory
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241	Third Party Advisory
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478	Third Party Advisory
secalert@redhat.com	http://www-01.ibm.com/support/docview.wss?uid=swg27014463	Third Party Advisory
secalert@redhat.com	http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3	Third Party Advisory
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1812	Patch, Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:131	Third Party Advisory
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	Third Party Advisory
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1107.html	Third Party Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1108.html	Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/507855/100/0/threaded	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.securityfocus.com/bid/35221	Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/usn-786-1	Third Party Advisory
secalert@redhat.com	http://www.ubuntu.com/usn/usn-787-1	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1907	Third Party Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3184	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=503928	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/50964	Third Party Advisory, VDB Entry
secalert@redhat.com	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968	Third Party Advisory
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321	Third Party Advisory
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html	Third Party Advisory
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html	Third Party Advisory
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=129190899612998&w=2	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34724	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35284	Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35360	Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35395	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35444	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35487	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35565	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35710	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35797	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35843	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37221	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200907-03.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3937	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=rev&revision=779880	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2009-0144	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg27014463	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1812	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1107.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1108.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507855/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35221	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-786-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-787-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1907	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3184	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=503928	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/50964	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html	Third Party Advisory

Impacted products

Vendor	Product	Version
apache	apr-util	*
apache	apr-util	0.9.1
apache	apr-util	0.9.2
apache	apr-util	0.9.3
apache	apr-util	0.9.4
apache	apr-util	0.9.5
apache	apr-util	1.0
apache	apr-util	1.0.1
apache	apr-util	1.0.2
apache	apr-util	1.1.0
apache	apr-util	1.1.1
apache	apr-util	1.1.2
apache	apr-util	1.2.1
apache	apr-util	1.2.2
apache	apr-util	1.2.6
apache	apr-util	1.2.7
apache	apr-util	1.2.8
apache	apr-util	1.3.0
apache	apr-util	1.3.1
apache	apr-util	1.3.2
apache	apr-util	1.3.3
apache	http_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16176496-B955-4F98-A395-9709C927D9BC",
              "versionEndIncluding": "1.3.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EC87975-74CA-42E6-84ED-0DD2BF9FFC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A896FA5-D3FC-4BD9-965A-C9A72D62780D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDB1D0-82A9-462F-9B3B-0EDF452341E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DFFEDC-F5C7-47C7-95A9-6BF4208A1B48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87B09F2-ECEA-409D-B27B-0747280D4AC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67AB6223-9546-4906-B502-C82E3969FC76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6459BE22-2334-48B3-85B8-5BEEB05A5399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A24FB91C-33BC-4305-AD53-0385E3B3F091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "617C8C4B-8367-4EFB-8DA1-88986F6CDACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D85D6B73-F2CB-427D-9896-6BA79BE96FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B4A447-29CC-4D35-B25D-FA845785E66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B50283-4187-42F7-A2A3-F5789706708B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FD8140-F1E0-4F99-ACDA-926C0ACDC00E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D253E8-528E-47B3-887A-C540A8D91E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1CD8A7-6F0A-4BEB-8E8A-BEDAB71921E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D0594C-E2FF-4557-80E6-8F51A4D94F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E706184-E7BC-452F-82FE-72EA8C37F4D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "867962AD-8EF4-4DC4-96F6-77896CEF3F92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB78030-8C3B-4ACA-B62B-DC5DC5FBD073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53CBDDE-D914-49A8-B65C-9352487B3CBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBBCFC4-2CFE-42A2-BE6F-2710EB3921A9",
              "versionEndExcluding": "2.2.12",
              "versionStartIncluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n apr_strmatch_precompile en strmatch/apr_strmatch.c en Apache APR-util anteriores a v1.3.5 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una entrada manipulada en 1) un fichero .htaccess utilizado con el Servidor Apache HTTP, (2) la directiva SVNMasterURI en el m\u00f3dulo mod_dav_svn en el Servidor Apache HTTP, (3) el m\u00f3dulo mod_apreq2 para el Servidor Apache HTTP, o (4) una aplicaci\u00f3n que utiliza la librer\u00eda libapreq2, relativa a un \"bandera de desbordamiento inferior\"."
    }
  ],
  "id": "CVE-2009-0023",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-08T01:00:00.530",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34724"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35284"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35360"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35395"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35444"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35487"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35565"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35710"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35797"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35843"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37221"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1812"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/35221"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-786-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-787-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1907"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/34724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/35843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/37221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.538210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://svn.apache.org/viewvc?view=rev\u0026revision=779880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/35221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-786-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-787-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0023 (GCVE-0-2009-0023)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Solution

Description

Solution

Tags

Sightings

Nomenclature