Apache apr-util webDav DoS updated since 02.06.2009
Published:		05.06.2009
Source:		BUGTRAQ
SecurityVulns ID:		9954
Type:		remote
Level:		5/10
Description:		Memory consuption on large number of Entity elements.

Affected:		APACHE : Apr-util 1.2
CVE:		CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.)
		CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.)
		CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.)

Original document		DEBIAN, [SECURITY] [DSA 1812-1] New apr-util packages fix several vulnerabilities (05.06.2009)
		Kingcope Kingcope, The father of all bombs - another webdav fiasco (02.06.2009)

Files:		Apache mod_dav / svn Remote Denial of Service Exploit
Discuss:		Read or add your comments to this news (0 comments)