Lucene search

K
httpdApache Team FoundationHTTPD:CE69C4ECDA46256846F1C251D5FB13D9
HistoryAug 21, 2009 - 12:00 a.m.

Apache Httpd < 2.0.64 : expat DoS

2009-08-2100:00:00
Apache Team Foundation
httpd.apache.org
14

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.029

Percentile

91.0%

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.0.63
OR
apacheapache_httpdMatch2.0.61
OR
apacheapache_httpdMatch2.0.59
OR
apacheapache_httpdMatch2.0.58
OR
apacheapache_httpdMatch2.0.55
OR
apacheapache_httpdMatch2.0.54
OR
apacheapache_httpdMatch2.0.53
OR
apacheapache_httpdMatch2.0.52
OR
apacheapache_httpdMatch2.0.51
OR
apacheapache_httpdMatch2.0.50
OR
apacheapache_httpdMatch2.0.49
OR
apacheapache_httpdMatch2.0.48
OR
apacheapache_httpdMatch2.0.47
OR
apacheapache_httpdMatch2.0.46
OR
apacheapache_httpdMatch2.0.45
OR
apacheapache_httpdMatch2.0.44
OR
apacheapache_httpdMatch2.0.43
OR
apacheapache_httpdMatch2.0.42
OR
apacheapache_httpdMatch2.0.40
OR
apacheapache_httpdMatch2.0.39
OR
apacheapache_httpdMatch2.0.37
OR
apacheapache_httpdMatch2.0.36
OR
apacheapache_httpdMatch2.0.35
VendorProductVersionCPE
apacheapache_httpd2.0.63cpe:2.3:a:apache:apache_httpd:2.0.63:*:*:*:*:*:*:*
apacheapache_httpd2.0.61cpe:2.3:a:apache:apache_httpd:2.0.61:*:*:*:*:*:*:*
apacheapache_httpd2.0.59cpe:2.3:a:apache:apache_httpd:2.0.59:*:*:*:*:*:*:*
apacheapache_httpd2.0.58cpe:2.3:a:apache:apache_httpd:2.0.58:*:*:*:*:*:*:*
apacheapache_httpd2.0.55cpe:2.3:a:apache:apache_httpd:2.0.55:*:*:*:*:*:*:*
apacheapache_httpd2.0.54cpe:2.3:a:apache:apache_httpd:2.0.54:*:*:*:*:*:*:*
apacheapache_httpd2.0.53cpe:2.3:a:apache:apache_httpd:2.0.53:*:*:*:*:*:*:*
apacheapache_httpd2.0.52cpe:2.3:a:apache:apache_httpd:2.0.52:*:*:*:*:*:*:*
apacheapache_httpd2.0.51cpe:2.3:a:apache:apache_httpd:2.0.51:*:*:*:*:*:*:*
apacheapache_httpd2.0.50cpe:2.3:a:apache:apache_httpd:2.0.50:*:*:*:*:*:*:*
Rows per page:
1-10 of 231

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.029

Percentile

91.0%