CVE-2009-1955
Published: Jun 6, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
35487
third-party-advisory
x_refsource_SECUNIA
DSA-1812
vendor-advisory
x_refsource_DEBIAN
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
x_refsource_CONFIRM
ADV-2009-1907
vdb-entry
x_refsource_VUPEN
FEDORA-2009-5969
vendor-advisory
x_refsource_FEDORA
35444
third-party-advisory
x_refsource_SECUNIA
[apr-dev] 20090602 [PATCH] prevent "billion laughs" attack against expat
mailing-list
x_refsource_MLIST
MDVSA-2009:131
vendor-advisory
x_refsource_MANDRIVA
oval:org.mitre.oval:def:10270
vdb-entry
signature
x_refsource_OVAL
35360
third-party-advisory
x_refsource_SECUNIA
ADV-2010-1107
vdb-entry
x_refsource_VUPEN
[oss-security] 20090603 CVE request: "billion laughs" attack against Apache APR
mailing-list
x_refsource_MLIST
35395
third-party-advisory
x_refsource_SECUNIA
PK99478
vendor-advisory
x_refsource_AIXAPAR
20090824 rPSA-2009-0123-1 apr-util
mailing-list
x_refsource_BUGTRAQ
SUSE-SR:2010:011
vendor-advisory
x_refsource_SUSE
35284
third-party-advisory
x_refsource_SECUNIA
PK91241
vendor-advisory
x_refsource_AIXAPAR
36473
third-party-advisory
x_refsource_SECUNIA
PK88342
vendor-advisory
x_refsource_AIXAPAR
35843
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-6014
vendor-advisory
x_refsource_FEDORA
RHSA-2009:1108
vendor-advisory
x_refsource_REDHAT
HPSBUX02612
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:12473
vdb-entry
signature
x_refsource_OVAL
35797
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
x_refsource_CONFIRM
GLSA-200907-03
vendor-advisory
x_refsource_GENTOO
http://svn.apache.org/viewvc?view=rev&revision=781403
x_refsource_CONFIRM
FEDORA-2009-6261
vendor-advisory
x_refsource_FEDORA
USN-786-1
vendor-advisory
x_refsource_UBUNTU
34724
third-party-advisory
x_refsource_SECUNIA
37221
third-party-advisory
x_refsource_SECUNIA
35565
third-party-advisory
x_refsource_SECUNIA
ADV-2009-3184
vdb-entry
x_refsource_VUPEN
http://wiki.rpath.com/Advisories:rPSA-2009-0123
x_refsource_CONFIRM
8842
exploit
x_refsource_EXPLOIT-DB
SSRT100345
vendor-advisory
x_refsource_HP
SSA:2009-167-02
vendor-advisory
x_refsource_SLACKWARE
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
x_refsource_CONFIRM
APPLE-SA-2009-11-09-1
vendor-advisory
x_refsource_APPLE
MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
35710
third-party-advisory
x_refsource_SECUNIA
35253
vdb-entry
x_refsource_BID
RHSA-2009:1107
vendor-advisory
x_refsource_REDHAT
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
USN-787-1
vendor-advisory
x_refsource_UBUNTU
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST