Description

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

Remediation

References

CVE-2003-0189

Related Vulnerabilities

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.9.63)

Magento Incorrect Authorization Vulnerability (CVE-2021-28567)

math.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-1001002)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0270)

WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.5.3.4)

Severity

Medium

Classification

CVE-2003-0189

Tags

Missing Update Known Vulnerabilities