CVE-2009-1955

Published: 08 Jun 2009
Source: nvd
CVSS3: 7.5
CVSS2: 5
EPSS: Low

Description

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Vulnerable configurations

Configuration 1
cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*
Versions before 1.3.7 (exclusive)
Configuration 2
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Versions before 10.6.2 (exclusive)
Configuration 3
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
Configuration 4
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Configuration 5

One of

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Configuration 6

One of

cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
Configuration 7
cpe:2.3:a:oracle:http_server:-:*:*:*:*:*:*:*
Configuration 8
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Versions from 2.2.0 (inclusive) up to 2.2.12 (exclusive)

EPSS

Percentile: 87%
0.03662
Low

7.5 High

CVSS3

5 Medium

CVSS2

Weaknesses

CWE-776

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 16 years ago

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

redhat
about 16 years ago

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

CVSS3: 7.5
debian
about 16 years ago

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Ap ...

CVSS3: 7.5
github
about 3 years ago

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

oracle-oval
about 16 years ago

ELSA-2009-1107: apr-util security update (MODERATE)
