Vulnerability details: VCID-g44f-ek3a-aaak
Vulnerability ID VCID-g44f-ek3a-aaak
Aliases CVE-2009-0023
Summary The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1107
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1108
rhas Important https://access.redhat.com/errata/RHSA-2009:1160
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0602
epss 0.03593 https://api.first.org/data/v1/epss?cve=CVE-2009-0023
epss 0.03942 https://api.first.org/data/v1/epss?cve=CVE-2009-0023
epss 0.04921 https://api.first.org/data/v1/epss?cve=CVE-2009-0023
epss 0.06923 https://api.first.org/data/v1/epss?cve=CVE-2009-0023
epss 0.1007 https://api.first.org/data/v1/epss?cve=CVE-2009-0023
epss 0.14825 https://api.first.org/data/v1/epss?cve=CVE-2009-0023
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2009-0023.json
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2009-0023
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://marc.info/?l=bugtraq&m=129190899612998&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0023
https://bugzilla.redhat.com/show_bug.cgi?id=503928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://secunia.com/advisories/34724
http://secunia.com/advisories/35284
http://secunia.com/advisories/35360
http://secunia.com/advisories/35395
http://secunia.com/advisories/35444
http://secunia.com/advisories/35487
http://secunia.com/advisories/35565
http://secunia.com/advisories/35710
http://secunia.com/advisories/35797
http://secunia.com/advisories/35843
http://secunia.com/advisories/37221
http://security.gentoo.org/glsa/glsa-200907-03.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/50964
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321
http://support.apple.com/kb/HT3937
http://svn.apache.org/viewvc?view=rev&revision=779880
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
http://wiki.rpath.com/Advisories:rPSA-2009-0144
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www.debian.org/security/2009/dsa-1812
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.redhat.com/support/errata/RHSA-2009-1107.html
http://www.redhat.com/support/errata/RHSA-2009-1108.html
http://www.securityfocus.com/archive/1/507855/100/0/threaded
http://www.securityfocus.com/bid/35221
http://www.ubuntu.com/usn/usn-786-1
http://www.ubuntu.com/usn/usn-787-1
http://www.vupen.com/english/advisories/2009/1907
http://www.vupen.com/english/advisories/2009/3184
cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
CVE-2009-0023 https://httpd.apache.org/security/json/CVE-2009-0023.json
CVE-2009-0023 https://nvd.nist.gov/vuln/detail/CVE-2009-0023
GLSA-200907-03 https://security.gentoo.org/glsa/200907-03
RHSA-2009:1107 https://access.redhat.com/errata/RHSA-2009:1107
RHSA-2009:1108 https://access.redhat.com/errata/RHSA-2009:1108
RHSA-2009:1160 https://access.redhat.com/errata/RHSA-2009:1160
RHSA-2010:0602 https://access.redhat.com/errata/RHSA-2010:0602
USN-786-1 https://usn.ubuntu.com/786-1/
USN-787-1 https://usn.ubuntu.com/787-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0023
Exploitability (E): high, functional, unproven, proof_of_concept, not_defined
Access Vector (AV): local, adjacent_network, network
Access Complexity (AC): high, medium, low
Authentication (Au): multiple, single, none
Confidentiality Impact (C): none, partial, complete
Integrity Impact (I): none, partial, complete
Availability Impact (A): none, partial, complete

Exploit Prediction Scoring System (EPSS)
Percentile 0.91864
EPSS Score 0.03593
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.