Back to search

Apache HTTPD: APR-util XML DoS (CVE-2009-1955)

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) June 06, 2009 April 11, 2012 June 05, 2013

Description

The affected asset is vulnerable to this vulnerability ONLY if an attacker could convince Apache to consume a specially crafted XML document. Review your web server configuration for validation. A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

apache-httpd-upgrade-2_2_12

Related Vulnerabilities