CVE-2009-0023

medium

Apache

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Score

14.8%

Exploitation probability in 30 days

Top 5% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

None

Availability

Published: June 8, 2009 (6184 days ago)

Last Modified: April 23, 2026

Vendor: Apache

Source: NVD

Description

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

CWE

CWE-119

Affected Products

apache apr-utilapache http server

References

🔗 lists.apple.com 🔗 marc.info 🔗 secunia.com 🔗 secunia.com 🔗 secunia.com

CVE-2009-0023

Vulnerability Report

Description

CWE

Affected Products

References