CVE-2003-0189
published 2003-06-09CVE-2003-0189: The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which…
medium5CVSS 3.1
AVNACLAuNCNINAP
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| debian | apache2 | < apache2 2.0.46 (bookworm) | apache2 2.0.46 (bookworm) |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM