Versions of Apache 2.2 earlier than 2.2.17 are potentially affected by multiple vulnerabilities :
Errors exist in the bundled expat library that may allow an attacker to crash the server when a buffer is over-read when parsing an XML document. (CVE-2009-3720 and CVE-2009-3560)
An error exists in the ‘apr_brigade_split_line’ function in the bundled APR-util library. Carefully timed bytes in requests result in gradual memory increases leading to a denial of service. (CVE-2010-1623)
IAVA Reference : 2012-A-0020
STIG Finding Severity : Category I
Binary data 800577.prm