1. Home
  2. CVE Database
  3. CVE-2003-0189
MEDIUM · 5.0

CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of...

Vulnerability Description

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
ApacheHttp Server2.0.40

References

FAQ

What is CVE-2003-0189?

CVE-2003-0189 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of...

How severe is CVE-2003-0189?

CVE-2003-0189 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0189?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.