UbuntuUSN-787-1Apache vulnerabilities
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.316 Low
EPSS
Percentile
96.9%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
- Ubuntu 6.06
Packages
- apache2 -
Details
Matthew Palmer discovered an underflow flaw in apr-util as included in
Apache. An attacker could cause a denial of service via application crash
in Apache using a crafted SVNMasterURI directive, .htaccess file, or when
using mod_apreq2. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-0023)
Sander de Boer discovered that mod_proxy_ajp would reuse connections when
a client closed a connection without sending a request body. A remote
attacker could exploit this to obtain sensitive response data. This issue
only affected Ubuntu 9.04. (CVE-2009-1191)
Jonathan Peatfield discovered that Apache did not process Includes options
correctly. With certain configurations of Options and AllowOverride, a
local attacker could use an .htaccess file to override intended
restrictions and execute arbitrary code via a Server-Side-Include file.
This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1195)
It was discovered that the XML parser did not properly handle entity
expansion. A remote attacker could cause a denial of service via memory
resource consumption by sending a crafted request to an Apache server
configured to use mod_dav or mod_dav_svn. This issue only affected Ubuntu
6.06 LTS. (CVE-2009-1955)
C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when
formatting certain strings. For big-endian machines (powerpc, hppa and
sparc in Ubuntu), a remote attacker could cause a denial of service or
information disclosure leak. All other architectures for Ubuntu are not
considered to be at risk. This issue only affected Ubuntu 6.06 LTS.
(CVE-2009-1956)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | apache2-mpm-worker | < 2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < mpm-event-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < mpm-prefork-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < mpm-worker-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < prefork-dev-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < suexec-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < suexec-custom-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < threaded-dev-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2 | < utils-2.2.11-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | apache2.2-common | < 2.2.11-2ubuntu2.1 | UNKNOWN |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.316 Low
EPSS
Percentile
96.9%