USN-786-1: apr-util vulnerabilities

Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using modapreq2. Applications using libapreq2 are also affected. CVE-2009-0023 It was discovered tha...

Apache APR-util库apr_strmatch_precompile()函数整数下溢漏洞

BUGTRAQ ID: 35221 CVECAN ID: CVE-2009-0023 Apr-util是Apache所使用的Apache可移植运行时工具库。 Apr-util库的strmatch/aprstrmatch.c文件中的aprstrmatchprecompile函数存在整数下溢漏洞。如果远程攻击者通过.htaccess文件、moddavsvn模块中的SVNMasterURI指令、modapreq2模块或libapreq2 库等方式传送了特制输入的话，就可能导致守护程序崩溃。 APR-util 1.3.4 厂商补丁： Apache Group ------------...

Heap overflow

The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service daemon crash via crafted input involving 1 a .htaccess file used with the Apache HTTP Server, 2 the SVNMasterURI directive in the moddavsvn module in t...

CVE-2009-0023

The aprstrmatchprecompile function in strmatch/aprstrmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service daemon crash via crafted input involving 1 a .htaccess file used with the Apache HTTP Server, 2 the SVNMasterURI directive in the moddavsvn module in t...

CVE-2009-0023

CVE-2009-0023 affects Apache APR-util prior to 1.3.5. The vulnerability in apr_strmatch_precompile (strmatch/apr_strmatch.c) can be exploited by crafted input via that library’s usage contexts (e.g., .htaccess with Apache HTTP Server, SVNMasterURI in mod_dav_svn, mod_apreq2, or applications using...