Thread Safety Vulnerability in Apache 2.0.40-2.0.45 Authentication Module

Thread Safety Vulnerability in Apache 2.0.40-2.0.45 Authentication Module

CVE-2003-0189 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

Learn more about our Cis Benchmark Audit For Apache Http Server.