Computer Security
[EN] securityvulns.ru

CVE: CVE-2009-0023
Status: UNKNOWN
Description: The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
Severity: Medium
CVSS score: 4.3
CVSS vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Phase: ASSIGNED (18.07.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0023
References:
 AIXAPAR : PK88341
 AIXAPAR : PK91241
 AIXAPAR : PK99478
 APPLE : APPLE-SA-2009-11-09-1
 BID : 35221
 BUGTRAQ : 20091112 rPSA-2009-0144-1 apr-util
 CONFIRM : http://support.apple.com/kb/HT3937
 CONFIRM : http://svn.apache.org/viewvc?view=rev&revision...
 CONFIRM : http://wiki.rpath.com/Advisories:rPSA-2009-0144
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=503928
 DEBIAN : DSA-1812
 FEDORA : FEDORA-2009-5969
 FEDORA : FEDORA-2009-6014
 FEDORA : FEDORA-2009-6261
 GENTOO : GLSA-200907-03
 HP : HPSBUX02612
 MANDRIVA : MDVSA-2009:131
 OVAL : oval:org.mitre.oval:def:10968
 REDHAT : RHSA-2009:1107
 REDHAT : RHSA-2009:1108
 SECUNIA : 34724
 SECUNIA : 35284
 SECUNIA : 35360
 SECUNIA : 35395
 SECUNIA : 35444
 SECUNIA : 35487
 SECUNIA : 35565
 SECUNIA : 35710
 SECUNIA : 35797
 SECUNIA : 35843
 SECUNIA : 37221
 SLACKWARE : SSA:2009-167-02
 UBUNTU : USN-786-1
 UBUNTU : USN-787-1
 VUPEN : ADV-2009-1907
 VUPEN : ADV-2009-3184
 XF : apache-aprstrmatchprecompile-dos(50964)
SecurityVulns: Apache apr-util webDav DoS

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


