CVE-2009-1956

Published: 08/06/2009 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 572
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util prior to 1.3.5 on big-endian platforms allows remote malicious users to obtain sensitive information or cause a denial of service (application crash) via crafted input.

Vulnerable Products

apache apr-util
apache http server
canonical ubuntu linux 9.04
canonical ubuntu linux 8.10
canonical ubuntu linux 8.04
canonical ubuntu linux 6.06

Vendor Advisories

Synopsis: Moderate: apr-util security update. Type/Severity: Security Advisory: Moderate. Topic: Updated apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...

Synopsis: Moderate: httpd security update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descr ...

Matthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. This issue only affected Ubuntu 6.06 LTS (CVE-2009-0023) ...

Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. Applications using libapreq2 are also affected (CVE-2009-0023) ...

References

CWE-189
http://svn.apache.org/viewvc?view=rev&revision=768417
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
https://bugzilla.redhat.com/show_bug.cgi?id=504390
http://www.openwall.com/lists/oss-security/2009/06/06/1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
http://www.ubuntu.com/usn/usn-786-1
http://www.securityfocus.com/bid/35251
http://www.redhat.com/support/errata/RHSA-2009-1107.html
http://www.redhat.com/support/errata/RHSA-2009-1108.html
http://secunia.com/advisories/34724
http://secunia.com/advisories/35487
http://secunia.com/advisories/35395
http://www.ubuntu.com/usn/usn-787-1
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
http://secunia.com/advisories/35565
http://secunia.com/advisories/35710
http://secunia.com/advisories/35843
http://security.gentoo.org/glsa/glsa-200907-03.xml
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
http://secunia.com/advisories/35797
http://secunia.com/advisories/35284
http://www.vupen.com/english/advisories/2009/1907
http://support.apple.com/kb/HT3937
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://www.vupen.com/english/advisories/2009/3184
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://secunia.com/advisories/37221
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11567
http://www.mail-archive.com/dev%40apr.apache.org/msg21592.html
http://www.mail-archive.com/dev%40apr.apache.org/msg21591.html
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://access.redhat.com/errata/RHSA-2009:1107
https://usn.ubuntu.com/787-1/
https://nvd.nist.gov