Vulnerability CVE-2009-1956


Published: 2009-06-07   Modified: 2012-02-13

Description:
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

Type:

CWE-189

(Numeric Errors)

Vendor: Apache
Product: Apr-util 
Version:
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.8
1.2.7
1.2.6
1.2.2
1.2.1
1.1.2
1.1.1
1.1.0
1.0.2
1.0.1
1.0
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Partial

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=504390
http://www.openwall.com/lists/oss-security/2009/06/06/1
http://svn.apache.org/viewvc?view=rev&revision=768417
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2009/1907
http://www.ubuntu.com/usn/usn-787-1
http://www.ubuntu.com/usn/usn-786-1
http://www.securityfocus.com/bid/35251
http://www.redhat.com/support/errata/RHSA-2009-1108.html
http://www.redhat.com/support/errata/RHSA-2009-1107.html
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
http://www.mail-archive.com/dev@apr.apache.org/msg21591.html
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
http://support.apple.com/kb/HT3937
http://security.gentoo.org/glsa/glsa-200907-03.xml
http://secunia.com/advisories/37221
http://secunia.com/advisories/35843
http://secunia.com/advisories/35797
http://secunia.com/advisories/35710
http://secunia.com/advisories/35565
http://secunia.com/advisories/35487
http://secunia.com/advisories/35395
http://secunia.com/advisories/35284
http://secunia.com/advisories/34724
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12237
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11567
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Related CVE
CVE-2017-5641
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-e...
CVE-2017-15700
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
CVE-2017-12630
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Q...
CVE-2017-5663
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endp...
CVE-2017-15708
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed ...
CVE-2017-15707
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
CVE-2017-12631
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4...
CVE-2017-3157
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections...

Copyright 2018, cxsecurity.com

 

Back to Top