The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.0.40 (including) | 2.0.40 (including) |
Http_server | Apache | 2.0.41 (including) | 2.0.41 (including) |
Http_server | Apache | 2.0.42 (including) | 2.0.42 (including) |
Http_server | Apache | 2.0.43 (including) | 2.0.43 (including) |
Http_server | Apache | 2.0.44 (including) | 2.0.44 (including) |
Http_server | Apache | 2.0.45 (including) | 2.0.45 (including) |
Red Hat Linux 8.0 | RedHat | * | |
Red Hat Linux 9 | RedHat | * |