Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2003-0189
Last Modified 05 Sep 2008 04:33:42
Published 09 Jun 2003 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0189

Summary

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

Vulnerable Systems

Application

  • Apache HTTP Server 2.0.40
  • Apache HTTP Server 2.0.41
  • Apache HTTP Server 2.0.42
  • Apache HTTP Server 2.0.43
  • Apache HTTP Server 2.0.44
  • Apache HTTP Server 2.0.45


References

CERT-VN - VU#479268

REDHAT - RHSA-2003:186

CONFIRM - http://www.apache.org/dist/httpd/Announcement2.html

BUGTRAQ - 20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released

XF - apache-aprpasswordvalidate-dos(12091)

BID - 7725

SECUNIA - 8881

CONECTIVA - CLA-2003:661


Last Updated: 27 May 2016 10:37:48