This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200907-03
(APR Utility Library: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in the APR Utility
Matthew Palmer reported a heap-based buffer
underflow while compiling search patterns in the
apr_strmatch_precompile() function in strmatch/apr_strmatch.c
kcope reported that the expat XML parser in
xml/apr_xml.c does not limit the amount of XML entities expanded
C. Michael Pilato reported an
off-by-one error in the apr_brigade_vprintf() function in
A remote attacker could exploit these vulnerabilities to cause a Denial
of Service (crash or memory exhaustion) via an Apache HTTP server
running mod_dav or mod_dav_svn, or using several configuration files.
Additionally, a remote attacker could disclose sensitive information or
cause a Denial of Service by sending a specially crafted input. NOTE:
Only big-endian architectures such as PPC and HPPA are affected by the
There is no known workaround at this time.
See also :
All Apache Portable Runtime Utility Library users should upgrade to the
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/apr-util-1.3.7'
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 5.8
Public Exploit Available : false
Family: Gentoo Local Security Checks
Nessus Plugin ID: 39614 (gentoo_GLSA-200907-03.nasl)
Bugtraq ID: 352213525135253
CVE ID: CVE-2009-0023CVE-2009-1955CVE-2009-1956
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.