Vulnerability CVE-2009-1956


Published: 2009-06-07   Modified: 2013-04-17

Description:
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

Type:

CWE-189

(Numeric Errors)

Vendor: Apache
Product: Apr-util 
Version:
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.8
1.2.7
1.2.6
1.2.2
1.2.1
1.1.2
1.1.1
1.1.0
1.0.2
1.0.1
1.0
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Partial

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=504390
http://www.openwall.com/lists/oss-security/2009/06/06/1
http://svn.apache.org/viewvc?view=rev&revision=768417
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2009/1907
http://www.ubuntu.com/usn/usn-787-1
http://www.ubuntu.com/usn/usn-786-1
http://www.securityfocus.com/bid/35251
http://www.redhat.com/support/errata/RHSA-2009-1108.html
http://www.redhat.com/support/errata/RHSA-2009-1107.html
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
http://www.mail-archive.com/dev@apr.apache.org/msg21591.html
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
http://support.apple.com/kb/HT3937
http://security.gentoo.org/glsa/glsa-200907-03.xml
http://secunia.com/advisories/37221
http://secunia.com/advisories/35843
http://secunia.com/advisories/35797
http://secunia.com/advisories/35710
http://secunia.com/advisories/35565
http://secunia.com/advisories/35487
http://secunia.com/advisories/35395
http://secunia.com/advisories/35284
http://secunia.com/advisories/34724
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12237
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11567
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Related CVE
CVE-2016-5394
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vu...
CVE-2017-7685
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
CVE-2017-7688
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
CVE-2017-7684
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
CVE-2017-7681
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
CVE-2017-7683
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
CVE-2017-7682
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
CVE-2017-7673
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

Copyright 2017, cxsecurity.com