CVE-2009-3720 – expat: buffer over-read and crash on XML with malformed UTF-8 sequences
https://notcve.org/view.php?id=CVE-2009-3720
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. La función updatePosition en lib/xmltok_impl.c en libexpat en Expat v2.0.1, usado en Python, PyXML, w3c-libwww, ay otros programas, permite a atacantes dependientes de contexto, provocar una denegación de servicio (caída de aplicación) a través de un documento XML con una secuencia de caracteres UTF-8 manipulada que provoca un desbordamiento de búfer fuera de límite (over-read). Vulnerabilidad distinta de CVE-2009-2625. • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405. •
CVE-2009-2699
https://notcve.org/view.php?id=CVE-2009-2699
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs. La opción pollset de Solaris en el backend Event Port en poll/unix/port.c en la librería Apache Portable Runtime (APR) anterior v1.3.9, como los usados en Apache HTTP Server atenrior v2.2.14 y otros productos, no manejan adecuadamente los errores, lo que permite a atacantes remotos causar una denegación de servicio (bloqueo del demonio) a través de peticiones HTTP no especificadas, relativas el prefork y eventos MPMs. • http://marc.info/?l=bugtraq&m=133355494609819&w=2 http://securitytracker.com/id?1022988 http://www.apache.org/dist/httpd/CHANGES_2.2.14 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html http://www.securityfocus.com/bid/36596 https://exchange.xforce.ibmcloud.com/vulnerabilities/53666 https://issues.apache.org/bugzilla/show_bug.cgi?id=47645 https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e • CWE-667: Improper Locking •
CVE-2009-3095 – httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
https://notcve.org/view.php?id=CVE-2009-3095
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. El módulo mod_proxy_ftp en el sevidor HTTP Apache, permite a atacantes remotos evitar las restricciones de acceso establecidas y enviar comandos de su elección a un servidor FTP mediante vectores relacionados con la incrustación de estos comandos en una cabecera "Authorization HTTP", como se demostró con un determinado módulo en VulnDisco Pack Professional v8.11. NOTA: hasta el 03/09/2009 esta vulnerabilidad no tenía información para su puesta en práctica. Sin embargo, ya que el autor de VulnDisco Pack en un investigador de confianza, se ha asignado un CVE al problema para su seguimiento. • http://intevydis.com/vd-list.shtml http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://marc.info/?l=bugtraq&m=126998684522511&w=2 http://marc.info/?l=bugtraq&m=127557640302499&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://marc.info/?l=bugtraq&m=133355494609819&w=2 http://secunia.com/advisories/37152 http://support.apple.com/kb/HT4077 http:/ •
CVE-2009-3094 – httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
https://notcve.org/view.php?id=CVE-2009-3094
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. La función ap_proxy_ftp_handler en modules/proxy/proxy_ftp.c en el módulo mod_proxy_ftp en Apache HTTP Server v2.0.63 y v2.2.13, permite a servidores FTP remotos provocar una denegación de servicio (referencia a puntero NULL o caída de proceso hijo) a través de una respuesta mal formada al comando EPSV. • http://intevydis.com/vd-list.shtml http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://marc.info/?l=bugtraq&m=126998684522511&w=2 http://marc.info/?l=bugtraq&m=127557640302499&w=2 http://marc.info/?l=bugtraq&m=133355494609819&w=2 http://secunia.com/advisories/36549 http://secunia.com/advisories/37152 http://wiki.rpath.com/Advisories:rPSA-2009-0155 http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858 http://www-01.ibm.com/suppo • CWE-476: NULL Pointer Dereference •
CVE-2008-2384 – mod_auth_mysql: character encoding SQL injection flaw
https://notcve.org/view.php?id=CVE-2008-2384
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. Vulnerabilidad de inyección SQL en mod_auth_mysql.c en el módulo mod-auth-mysql (alias libapache2-mod-auth-mysql) para Apache HTTP Server 2.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través de codificaciones de caracteres multibyte para entradas no especificadas. • http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html http://openwall.com/lists/oss-security/2009/01/21/10 http://secunia.com/advisories/33627 http://secunia.com/advisories/43302 http://www.redhat.com/support/errata/RHSA-2009-0259.html http://www.redhat.com/support/errata/RHSA-2010-1002. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •