VYPR
Unrated severityNVD Advisory· Published Jun 9, 2003· Updated Jun 16, 2026

CVE-2003-0189

CVE-2003-0189

Description

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
    • (no CPE)range: >=2.0.40 <=2.0.45

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.