Produkt Apr-util (...) - CVEMAP.ORG

Podatności dla 'Apr-util'

2011-05-24

CVE-2011-1928

CWE-399

The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

2010-10-04

CVE-2010-1623

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

2009-08-06

CVE-2009-2412

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.

2009-06-07

CVE-2009-1956

CWE-189

Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

CVE-2009-1955

CWE-399

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

CVE-2009-0023

CWE-119

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

>>> Vendor: Apache 247 Produkty

Mod auth radius

Coyote http connector

Open for business project

Tomcat jk web server connector

Myfaces tomahawk

Apache webserver

Apache http server

Portable runtime

Apache commons daemon

Http server2.0a1

Http server2.0a2

Http server2.0a3

Http server2.0a4

Http server2.0a5

Http server2.0a6

Http server2.0a7

Http server2.0a8

Http server2.0a9

Commons-compress

Org.apache.sling.servlets.post

Commons-httpclient

Commons fileupload

Struts2-showcase

Xml security for c++

Xml security for java

Sling auth core component

Httpasyncclient

Mod auth mellon

Santuario xml security for java

Standard taglibs

Zobacz wszystkie produkty dla producenta Apache

Copyright 2024, cxsecurity.com