Apache Httpd < 2.2.17: expat DoS

2009-08-21T00:00:00
ID HTTPD:C4C2FA03C308FCF3A86EF1B2410DD220
Type httpd
Reporter Apache Team Foundation
Modified 2010-10-19T00:00:00

Description

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.