6 matches found
CVE-2009-1955
CVE-2009-1955 affects the Expact XML parser used by the apr_xml_* interface in xml/apr_xml.c of APR-util, with the vulnerability present in APR-util prior to 1.3.7. In Apache HTTP Server deployments that enable mod_dav and mod_dav_svn, a crafted XML document containing a large number of nested en...
CVE-2010-1623
The CVE-2010-1623 issue affects the APR-util library (apr_brigade_split_line in buckets/apr_brigade.c) prior to version 1.3.10, where a memory leak can allow remote attackers to cause denial of service through memory consumption related to APR bucket destruction. Affected products commonly includ...
CVE-2009-2412
CVE-2009-2412 – summary: Multiple integer overflows in Apache APR (memory/unix/apr_pools.c) and APR-util (misc/apr_rmm.c) for APR 0.9.x/1.3.x allow remote attackers to trigger buffer overflows, causing application crash or, potentially, arbitrary code execution. Likely vectors involve crafted cal...
CVE-2009-1956
CVE-2009-1956: Off-by-one error in apr_brigade_vprintf in Apache APR-util before 1.3.5 on big-endian platforms. Remote attackers could obtain sensitive information or cause a denial of service (application crash) via crafted input. Affected product: APR-util (pre-1.3.5) used with APR/httpd; impac...
CVE-2009-0023
CVE-2009-0023 affects Apache APR-util prior to 1.3.5. The vulnerability in apr_strmatch_precompile (strmatch/apr_strmatch.c) can be exploited by crafted input via that library’s usage contexts (e.g., .htaccess with Apache HTTP Server, SVNMasterURI in mod_dav_svn, mod_apreq2, or applications using...
CVE-2011-1928
The CVE-2011-1928 issue affects the APR library’s fnmatch implementation (apr_fnmatch.c) in APR 1.4.3/1.4.4 and Apache HTTP Server 2.2.18, causing an infinite-loop DoS when processing certain URIs due to an incorrect fix for CVE-2011-0419. Connected advisories note the problem is triggered by wil...