Back to search

Apache httpd expat DoS (CVE-2009-3720)

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) November 02, 2009 October 25, 2010 February 12, 2015


The affected asset is vulnerable to this Apache vulnerability ONLY if an attacker is able to get Apache to parse an untrusted XML document. Review your Web server configuration for validation.

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now


Related Vulnerabilities