The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache Apache Portable Runtime Util

computer vulnerability note CVE-2017-12618

Apache APR-util: out-of-bounds memory reading via apr_sdbm

Synthesis of the vulnerability

An attacker can force a read at an invalid address via apr_sdbm() of Apache APR-util, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: APR-util, Mac OS X, Debian, Fedora, WebSphere AS Traditional, openSUSE Leap.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 24/10/2017.
Identifiers: 2009782, CVE-2017-12618, DLA-1163-1, FEDORA-2017-329e5fb4c9, HT209139, HT209193, openSUSE-SU-2017:3325-1, VIGILANCE-VUL-24219.

Description of the vulnerability

An attacker can force a read at an invalid address via apr_sdbm() of Apache APR-util, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2015-1283

Expat: integer overflow of XML

Synthesis of the vulnerability

An attacker can generate an integer overflow in the XML parser of Expat, in order to trigger a denial of service, and possibly to run code.
Impacted products: APR-util, Debian, BIG-IP Hardware, TMOS, FreeBSD, Android OS, Domino, Notes, Tivoli System Automation, WebSphere AS Traditional, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, pfSense, Python, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/07/2015.
Identifiers: 1964428, 1965444, 1967199, 1969062, 1990421, 1990658, bulletinjul2016, CVE-2015-1283, DSA-3318-1, FreeBSD-SA-15:20.expat, JSA10904, openSUSE-SU-2016:1441-1, openSUSE-SU-2016:1523-1, SOL15104541, SSA:2016-359-01, SUSE-SU-2016:1508-1, SUSE-SU-2016:1512-1, USN-2726-1, USN-3013-1, VIGILANCE-VUL-17498.

Description of the vulnerability

An attacker can generate an integer overflow in the XML parser of Expat, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2011-0419

Apache APR, httpd: denial of service via apr_fnmatch

Synthesis of the vulnerability

An attacker can create a denial of service in applications using apr_fnmatch of APR. When mod_autoindex is activated in Apache httpd, a remote attacker can employ a special request in order to create a denial of service.
Impacted products: APR-core, APR-util, Apache httpd, Debian, BIG-IP Hardware, TMOS, OpenView, OpenView NNM, HP-UX, Junos Space, Junos Space Network Management Platform, NSM Central Manager, NSMXpress, Mandriva Linux, NLD, OpenSolaris, openSUSE, Solaris, Trusted Solaris, RHEL, JBoss EAP by Red Hat, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: denial of service on server.
Provenance: internet client.
Creation date: 12/05/2011.
Revisions dates: 12/05/2011, 13/05/2011.
Identifiers: 703390, c02997184, c03011498, c03025215, CERTA-2011-AVI-296, CERTA-2011-AVI-309, CERTA-2011-AVI-515, CERTA-2011-AVI-618, CERTA-2013-AVI-243, CVE-2011-0419, DSA-2237-1, DSA-2237-2, HPSBMU02704, HPSBUX02702, HPSBUX02707, MDVSA-2011:084, openSUSE-SU-2011:0859-1, PSN-2012-11-767, PSN-2013-02-846, RHSA-2011:0507-01, RHSA-2011:0896-01, RHSA-2011:0897-01, SOL15920, SSA:2011-133-01, SSRT100606, SSRT100619, SSRT100626, SUSE-SU-2011:0763-1, SUSE-SU-2011:0763-2, SUSE-SU-2011:0797-1, SUSE-SU-2011:1229-1, VIGILANCE-VUL-10645.

Description of the vulnerability

The APR (Apache Portable Runtime) is a software library for the Apache web server making it portable when some features are not included in the operating system.

The apr_fnmatch() function of the APR library defines in "strings/apr_fnmatch.c" permit to check if a file name contains a shell pattern, such as "file*.txt". This function implements a recursive algorithm. However, if the search pattern contains many '*', the function is then called recursively many times, and consumes resources.

The Apache httpd mod_autoindex module generates index pages of directories.

The apr_fnmatch() function of the APR library is used by mod_autoindex for index generation corresponding to a model/filter. However when a directory contains long filenames is indexed by mod_autoindex, the apr_fnmatch() function consumes many resources, this causes a denial of service.

An attacker can therefore create a denial of service in applications using apr_fnmatch of APR.
When mod_autoindex is activated in Apache httpd, a remote attacker can therefore employ a special request in order to create a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2009-1956

Apache APR-util: overflow of apr_brigade_vprintf

Synthesis of the vulnerability

An attacker can generate an off by one overflow in the apr_brigade_vprintf() function of Apache APR-util.
Impacted products: APR-util, Apache httpd, Fedora, HP-UX, WebSphere AS Traditional, NSM Central Manager, NSMXpress, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, RHEL, Slackware, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: internet client.
Creation date: 08/06/2009.
Identifiers: 504390, BID-35251, c02579879, CVE-2009-1956, FEDORA-2009-5969, FEDORA-2009-6014, FEDORA-2009-6261, HPSBUX02612, MDVSA-2009:131, MDVSA-2009:131-1, MDVSA-2009:314, PK87176, PK88341, PK88342, PK91361, PK99477, PK99478, PK99480, PSN-2012-11-767, RHSA-2009:1107-01, RHSA-2009:1108-01, RHSA-2010:0602-02, SSA:2009-214-01, SSRT100345, SUSE-SR:2009:013, VIGILANCE-VUL-8768.

Description of the vulnerability

The Apache APR-util library offers the "bucket" module which is used to store data organized in "brigades" (double chained list).

The apr_brigade_vprintf() function adds a formatted string in a brigade. This function adds a '\0' string terminator at the end of the buffer. However, it does not check if the buffer can contain this character. An overflow of one byte thus occurs.

An attacker can therefore generate an off by one overflow in the apr_brigade_vprintf() function, in order to generate a denial of service in applications linked to Apache APR-util.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2009-0023

Apache APR-util: denial of service via apr_strmatch

Synthesis of the vulnerability

An attacker can create a denial of service in applications using apr_strmatch of APR-util.
Impacted products: APR-util, Apache httpd, Debian, Fedora, HP-UX, WebSphere AS Traditional, NSM Central Manager, NSMXpress, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, RHEL, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 05/06/2009.
Identifiers: BID-35221, c02579879, CERTA-2009-AVI-244, CERTA-2009-AVI-408, CERTA-2009-AVI-471, CERTA-2012-AVI-023, CVE-2009-0023, DSA-1812-1, FEDORA-2009-5969, FEDORA-2009-6014, FEDORA-2009-6261, HPSBUX02612, MDVSA-2009:131, MDVSA-2009:131-1, MDVSA-2009:314, PK87176, PK88341, PK88342, PK91361, PK99477, PK99478, PK99480, PSN-2012-11-767, RHSA-2009:1107-01, RHSA-2009:1108-01, RHSA-2009:1160-01, RHSA-2010:0602-02, SSA:2009-167-02, SSA:2009-214-01, SSRT100345, SUSE-SR:2009:013, VIGILANCE-VUL-8766.

Description of the vulnerability

The Apache APR-util library offers the strmatch module which searches a pattern in a string, using the Boyer-Moore-Horspool algorithm.

This algorithm uses a shift related to the offset of a character from the end of the pattern. For example, if the pattern is "cherche":
 - the shift of 'e' is 4 (chErche, the last 'e' is ignored)
 - the shift of 'h' is 1 (chercHe)
 - the shift of 'c' is 2 (cherChe)
 - the shift of 'r' is 3 (cheRche)

The strmatch module uses an array of 256 characters indicating the shift of each character (shift['e']=4, etc.). However, the character is stored in a signed "char". When the character is superior to 127, the index in the shift table is negative, which forces a read at an invalid address.

An attacker can therefore use a pattern containing characters superior to 127 in order to stop applications linked to Apache APR-util.

For example, following applications are vulnerable:
 - Apache httpd via a .htaccess file
 - mod_dav_svn if the "SVNMasterURI" directive is used
 - mod_apreq2
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2009-1955

Apache APR-util: denial of service via XML

Synthesis of the vulnerability

An attacker can construct complex XML data in order to generate a denial of service in applications linked to APR-util.
Impacted products: APR-util, Apache httpd, Debian, Fedora, HP-UX, NSM Central Manager, NSMXpress, Mandriva Linux, Mandriva NF, NLD, OES, openSUSE, Solaris, RHEL, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 04/06/2009.
Identifiers: BID-35253, c02579879, CVE-2009-1955, DSA-1812-1, FEDORA-2009-5969, FEDORA-2009-6014, FEDORA-2009-6261, HPSBUX02612, MDVSA-2009:131, MDVSA-2009:131-1, MDVSA-2009:314, PSN-2012-11-767, RHSA-2009:1107-01, RHSA-2009:1108-01, RHSA-2009:1160-01, RHSA-2010:0602-02, SSA:2009-167-02, SSA:2009-214-01, SSRT100345, SUSE-SR:2009:013, SUSE-SR:2010:011, VIGILANCE-VUL-8761.

Description of the vulnerability

The Apache APR-util library implements an XML parser.

An XML entity (such as "&abc;") is used to define an alias of a character or of a text string.

An attacker can create an entity built with several entities, which are also built on several entities, etc. The equivalent entity is thus very complex and very large. When the XML parser of APR-util analyzes this entity, it consumes a large amount of resources.

An attacker can therefore construct complex XML data in order to generate a denial of service in applications linked to APR-util. The mod_webdav module is for example impacted.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Apache Apache Portable Runtime Util: