Apache Httpd < 2.2.17 : expat DoS

ID HTTPD:6D37F924288E2D149DC3C52135232B6E
Type httpd
Reporter Apache Team Foundation
Modified 2010-10-19T00:00:00


A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.