{"vuid":"VU#757612","idnumber":"757612","name":"Apache Portable Runtime contains heap buffer overflow in apr_psprintf()","keywords":["Apache","mod_dav","DoS","denial of service"],"overview":"The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks against an affected server.","clean_desc":"The Apache HTTP server contains a heap buffer overflow vulnerability in the apr_psprintf() function. The Apache Software Foundation has provided the following description of this vulnerability: Apache 2.0 versions 2.0.37 through 2.0.45 can be caused to crash in certain circumstances. This can be triggered remotely through mod_dav and possibly other mechanisms. The crash was originally reported by David Endler <DEndler@iDefense.com> and was researched and fixed by Joe Orton <jorton@redhat.com>. Specific details and an analysis of the crash will be published Friday, May 30. No more specific information is disclosed at this time, but all Apache 2.0 users are encouraged to upgrade now. For further information, please read the announcement located at http://www.apache.org/dist/httpd/Announcement2.html","impact":"This vulnerability allows remote attackers to conduct denial-of-service attacks against an affected server.","resolution":"The Apache Software Foundation recommends that users upgrade to version 2.0.46 to address this vulnerability. The latest version of Apache is available at: http://httpd.apache.org/download.cgi","workarounds":"","sysaffected":"","thanks":"The CERT/CC thanks David Endler for discovering this vulnerability.","author":"This document was written by Jeffrey P. Lanza.","public":["http://www.apache.org/dist/httpd/Announcement2.html","http://www.idefense.com/advisory/05.30.03.txt","http://www.secunia.com/advisories/8881/","http://www.webdav.org/mod_dav/","http://www.iss.net/security_center/static/12090.php"],"cveids":["CVE-2003-0245"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-05-28T20:10:15Z","publicdate":"2003-05-28T00:00:00Z","datefirstpublished":"2003-06-24T17:40:09Z","dateupdated":"2003-09-18T18:15:45Z","revision":15,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"5","cam_population":"20","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"18","cam_scorecurrentwidelyknown":"21","cam_scorecurrentwidelyknownexploited":"27","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":18.0,"vulnote":null}