Summary
| Detail | | | |
|---|---|---|---|
| Vendor | Apache | First view | 2009-06-07 |
| Product | Apr-Util | Last view | 2010-10-04 |
| Version | 1.1.2 | Type | Application |
| Update | * | | |
| Edition | * | | |
| Language | * | | |
| Software Edition | * | | |
| Target Software | * | | |
| Target Hardware | * | | |
| Other | * | | |
| CPE Product | cpe:2.3:a:apache:apr-util | | |
Related : CVE
| | Date | Alert | Description |
|---|---|---|---|
| 5 | 2010-10-04 | CVE-2010-1623 | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. |
| 6.4 | 2009-06-07 | CVE-2009-1956 | Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. |
| 7.5 | 2009-06-07 | CVE-2009-1955 | The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. |
| 4.3 | 2009-06-07 | CVE-2009-0023 | The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 25% (1) | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
| 25% (1) | CWE-189 | Numeric Errors |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 68327 | Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memor... |
| 55059 | Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Craf... |
| 55058 | Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS |
| 55057 | Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XM... |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for apr-util CESA-2010:0950 centos4 x86_64 File : nvt/gb_CESA-2010_0950_apr-util_centos4_x86_64.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1108 centos3 i386 File : nvt/gb_CESA-2009_1108_httpd_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for apr-util CESA-2009:1107 centos5 i386 File : nvt/gb_CESA-2009_1107_apr-util_centos5_i386.nasl |
| 2011-05-05 | Name : HP-UX Update for Apache Web Server HPSBUX02645 File : nvt/gb_hp_ux_HPSBUX02645.nasl |
| 2011-01-31 | Name : CentOS Update for apr-util CESA-2010:0950 centos4 i386 File : nvt/gb_CESA-2010_0950_apr-util_centos4_i386.nasl |
| 2011-01-04 | Name : HP-UX Update for Apache-based Web Server HPSBUX02612 File : nvt/gb_hp_ux_HPSBUX02612.nasl |
| 2010-12-23 | Name : RedHat Update for apr-util RHSA-2010:0950-01 File : nvt/gb_RHSA-2010_0950-01_apr-util.nasl |
| 2010-12-02 | Name : Ubuntu Update for apr-util vulnerability USN-1022-1 File : nvt/gb_ubuntu_USN_1022_1.nasl |
| 2010-12-02 | Name : Ubuntu Update for apache2 vulnerabilities USN-1021-1 File : nvt/gb_ubuntu_USN_1021_1.nasl |
| 2010-12-02 | Name : Fedora Update for apr-util FEDORA-2010-16178 File : nvt/gb_fedora_2010_16178_apr-util_fc14.nasl |
| 2010-11-04 | Name : Fedora Update for apr-util FEDORA-2010-15953 File : nvt/gb_fedora_2010_15953_apr-util_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for apr-util FEDORA-2010-15916 File : nvt/gb_fedora_2010_15916_apr-util_fc12.nasl |
| 2010-10-10 | Name : FreeBSD Ports: apr File : nvt/freebsd_apr0.nasl |
| 2010-10-07 | Name : Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability File : nvt/gb_apache_apr_util_dos_vuln.nasl |
| 2010-10-04 | Name : Mandriva Update for apr-util MDVSA-2010:192 (apr-util) File : nvt/gb_mandriva_MDVSA_2010_192.nasl |
| 2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:314 (apr) File : nvt/mdksa_2009_314.nasl |
| 2009-10-13 | Name : SLES10: Security update for libapr-util1 File : nvt/sles10_libapr-util1.nasl |
| 2009-10-11 | Name : SLES11: Security update for libapr-util1 File : nvt/sles11_libapr-util1.nasl |
| 2009-09-02 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache15.nasl |
| 2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8349 (apr-util) File : nvt/fcore_2009_8349.nasl |
| 2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8318 (apr-util) File : nvt/fcore_2009_8318.nasl |
| 2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
| 2009-07-06 | Name : Gentoo Security Advisory GLSA 200907-03 (apr-util) File : nvt/glsa_200907_03.nasl |
| 2009-06-30 | Name : Fedora Core 11 FEDORA-2009-6261 (apr-util) File : nvt/fcore_2009_6261.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Apache WebDAV mod_dav nested entity reference DoS attempt RuleID : 23779 - Type : SERVER-APACHE - Revision : 4 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-09-16 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15902.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_4_apache2-110726.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: suse_11_3_apache2-110726.nasl - Type: ACT_GATHER_INFO |
| 2014-05-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201405-24.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1107.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1108.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2010-0950.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090616_httpd_on_SL3_x.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20101207_apr_util_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20090616_apr_util_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
| 2012-04-20 | Name: The remote web server is affected by multiple vulnerabilities. File: hpsmh_7_0_0_24.nasl - Type: ACT_GATHER_INFO |
| 2011-07-12 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_libapr-util1-110706.nasl - Type: ACT_GATHER_INFO |
| 2011-07-12 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_libapr-util1-110701.nasl - Type: ACT_GATHER_INFO |
| 2011-07-12 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_libapr-util1-7611.nasl - Type: ACT_GATHER_INFO |
| 2011-02-11 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2011-041-03.nasl - Type: ACT_GATHER_INFO |
| 2011-02-11 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2011-041-01.nasl - Type: ACT_GATHER_INFO |
| 2011-01-28 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2010-0950.nasl - Type: ACT_GATHER_INFO |
| 2010-12-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2010-0950.nasl - Type: ACT_GATHER_INFO |
| 2010-11-28 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1021-1.nasl - Type: ACT_GATHER_INFO |
| 2010-11-28 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1022-1.nasl - Type: ACT_GATHER_INFO |
| 2010-11-10 | Name: The remote Fedora host is missing a security update. File: fedora_2010-16178.nasl - Type: ACT_GATHER_INFO |
| 2010-10-29 | Name: The remote Fedora host is missing a security update. File: fedora_2010-15916.nasl - Type: ACT_GATHER_INFO |
| 2010-10-29 | Name: The remote Fedora host is missing a security update. File: fedora_2010-15953.nasl - Type: ACT_GATHER_INFO |
| 2010-10-20 | Name: The remote web server may be affected by several issues. File: apache_2_2_17.nasl - Type: ACT_GATHER_INFO |
| 2010-10-20 | Name: The remote web server is affected by multiple vulnerabilities. File: apache_2_0_64.nasl - Type: ACT_GATHER_INFO |