Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-1955
Status: Candidate
Description: The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Severity: High
CVSS score: 7.8
CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Phase: Assigned (18.07.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1955
References:
 BID : 35253
 CONFIRM : http://svn.apache.org/viewvc?view=rev&revision...
 CONFIRM : http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
 DEBIAN : DSA-1812
 MANDRIVA : MDVSA-2009:131
 MILW0RM : 8842
 MLIST : [apr-dev] 20090602 [PATCH] prevent "billion laughs" attack against expat
 MLIST : [oss-security] 20090603 CVE request: "billion laughs" attack against Apache APR
 SECUNIA : 35284
 SECUNIA : 35360
 UBUNTU : USN-786-1
SecurityVulns: Apache apr-util webDav DoS

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


