Back to search

Apache httpd expat DoS (CVE-2009-3560)

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) December 03, 2009 October 25, 2010 December 03, 2013

Description

The affected asset is vulnerable to this Apache vulnerability ONLY if an attacker is able to get Apache to parse an untrusted XML document. Review your Web server configuration for validation.

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Related Vulnerabilities