CVE-2009-0023
published 2009-06-08CVE-2009-0023: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon…
medium4.3CVSS 3.1
AVNACMAuNCNINAP
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apr-util | <= 1.3.4 | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | — | — |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
| apache | apr-util | >= 0 < 1.3.7+dfsg-1 | 1.3.7+dfsg-1 |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM