CVE-2009-0023

Impact: Moderate
Public Date: 2009-06-03
Bugzilla: 503928: CVE-2009-0023 apr-util heap buffer underwrite

The MITRE CVE dictionary describes this issue as:

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

Find out more about CVE-2009-0023 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 4.3
Base Metrics: AV:L/AC:L/Au:S/C:P/I:P/A:P
Access Vector: Local
Access Complexity: Low
Authentication: Single
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 4 (apr-util) | RHSA-2009:1107 | 2009-06-16
Red Hat JBoss Web Server 1.0 for RHEL 4 AS (httpd22) | RHSA-2009:1160 | 2009-07-17
Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04
Red Hat Enterprise Linux 3 (httpd) | RHSA-2009:1108 | 2009-06-16
Red Hat Enterprise Linux 5 (apr-util) | RHSA-2009:1107 | 2009-06-16

CVE description copyright © 2017, The MITRE Corporation