CVE-2009-0023
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2009-0023
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-0023.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2009-0023
- Related
- Published
- 2009-06-08T01:00:00Z
- Modified
- 2024-09-18T01:00:21Z
- Summary
- [none]
- Details
-
The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the moddavsvn module in the Apache HTTP Server, (3) the modapreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
- References
-
- http://secunia.com/advisories/34724
- http://secunia.com/advisories/35284
- http://secunia.com/advisories/35360
- http://secunia.com/advisories/35395
- http://secunia.com/advisories/35444
- http://secunia.com/advisories/35487
- http://secunia.com/advisories/35565
- http://secunia.com/advisories/35710
- http://secunia.com/advisories/35797
- http://secunia.com/advisories/35843
- http://secunia.com/advisories/37221
- http://security.gentoo.org/glsa/glsa-200907-03.xml
- http://www.debian.org/security/2009/dsa-1812
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.securityfocus.com/archive/1/507855/100/0/threaded
- http://www.securityfocus.com/bid/35221
- http://www.ubuntu.com/usn/usn-786-1
- http://www.ubuntu.com/usn/usn-787-1
- http://www.vupen.com/english/advisories/2009/1907
- http://www.vupen.com/english/advisories/2009/3184
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50964
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- https://bugzilla.redhat.com/show_bug.cgi?id=503928
- http://marc.info/?l=bugtraq&m=129190899612998&w=2
- http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
- http://support.apple.com/kb/HT3937
- http://svn.apache.org/viewvc?view=rev&revision=779880
- http://wiki.rpath.com/Advisories:rPSA-2009-0144
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463
- http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
- http://www.redhat.com/support/errata/RHSA-2009-1107.html
- http://www.redhat.com/support/errata/RHSA-2009-1108.html
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
- https://security-tracker.debian.org/tracker/CVE-2009-0023
Affected packages
Debian:11 / apr-util
Package
- Name
- apr-util
- Purl
- pkg:deb/debian/apr-util?arch=source
Debian:12 / apr-util
Package
- Name
- apr-util
- Purl
- pkg:deb/debian/apr-util?arch=source
Debian:13 / apr-util
Package
- Name
- apr-util
- Purl
- pkg:deb/debian/apr-util?arch=source