Описание
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 2.0.55-4ubuntu2.5 |
| devel | not-affected | uses system apr-util |
| hardy | not-affected | uses system apr-util |
| intrepid | not-affected | uses system apr-util |
| jaunty | not-affected | uses system apr-util |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.3.7+dfsg-1 |
| hardy | released | 1.2.12+dfsg-3ubuntu0.1 |
| intrepid | released | 1.2.12+dfsg-7ubuntu0.1 |
| jaunty | released | 1.2.12+dfsg-8ubuntu0.1 |
| upstream | released | 1.3.7+dfsg-1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Ap ...
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3