CVE-2009-2699

Опубликовано: 13 окт. 2009

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Ссылки

http://marc.info/?l=bugtraq&m=133355494609819&w=2
Issue Tracking
Mailing List
Third Party Advisory
http://securitytracker.com/id?1022988
Broken Link
Third Party Advisory
VDB Entry
http://www.apache.org/dist/httpd/CHANGES_2.2.14
Broken Link
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Broken Link
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Third Party Advisory
http://www.securityfocus.com/bid/36596
Patch
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/53666
Third Party Advisory
VDB Entry
https://issues.apache.org/bugzilla/show_bug.cgi?id=47645
Issue Tracking
Vendor Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Mailing List
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.2.0 (включая) до 2.2.14 (исключая)

cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*

Версия до 1.3.9 (исключая)

EPSS

Процентиль: 92%

0.08727

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-667

Связанные уязвимости

CVE-2009-2699

CVSS3: 7.5

ubuntu

около 16 лет назад

CVE-2009-2699

redhat

около 16 лет назад

CVE-2009-2699

CVSS3: 7.5

debian

около 16 лет назад

The Solaris pollset feature in the Event Port backend in poll/unix/por ...

GHSA-2vjp-v45q-4g2x

CVSS3: 7.5

github

больше 3 лет назад

SUSE-SU-2017:2907-1

suse-cvrf

около 8 лет назад

Security update for apache2

EPSS

Процентиль: 92%

0.08727

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-667