Vulnerability CVE-2009-1956


Published: 2009-06-07   Modified: 2013-04-17

Description:
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

Type:

CWE-189

(Numeric Errors)

Vendor: Apache
Product: Apr-util 
Version:
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.8
1.2.7
1.2.6
1.2.2
1.2.1
1.1.2
1.1.1
1.1.0
1.0.2
1.0.1
1.0
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Partial

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=504390
http://www.openwall.com/lists/oss-security/2009/06/06/1
http://svn.apache.org/viewvc?view=rev&revision=768417
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2009/1907
http://www.ubuntu.com/usn/usn-787-1
http://www.ubuntu.com/usn/usn-786-1
http://www.securityfocus.com/bid/35251
http://www.redhat.com/support/errata/RHSA-2009-1108.html
http://www.redhat.com/support/errata/RHSA-2009-1107.html
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
http://www.mail-archive.com/dev@apr.apache.org/msg21592.html
http://www.mail-archive.com/dev@apr.apache.org/msg21591.html
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341
http://support.apple.com/kb/HT3937
http://security.gentoo.org/glsa/glsa-200907-03.xml
http://secunia.com/advisories/37221
http://secunia.com/advisories/35843
http://secunia.com/advisories/35797
http://secunia.com/advisories/35710
http://secunia.com/advisories/35565
http://secunia.com/advisories/35487
http://secunia.com/advisories/35395
http://secunia.com/advisories/35284
http://secunia.com/advisories/34724
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12237
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11567
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Related CVE
CVE-2017-7661
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF ...
CVE-2017-7662
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been...
CVE-2017-5655
In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.
CVE-2017-5654
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
CVE-2016-6799
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default...
CVE-2016-4467
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certifica...
CVE-2017-3161
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CVE-2017-3162
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

Copyright 2017, cxsecurity.com