Summary
The host has Apache APR-Utils installed and is prone to multiple denial-of-service vulnerabilities.
Impact
Attackers can exploit these issues to crash the application, resulting in a denial-of-service condition.
Impact Level: Application
Solution
Apply the patches or upgrade to Apache APR-Utils 1.3.5 or later.
http://apr.apache.org/download.cgi
Insight
The flaws are due to:
- An integer underflow error in the apr_strmatch_precompile() function in 'strmatch/apr_strmatch.c' while processing malicious data.
- An off-by-one error in the apr_brigade_vprintf() function on big-endian platforms while processing crafted input.
Affected
Apache APR-Utils before 1.3.5 on Linux.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-0023, CVE-2009-1956
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P