Back to search

Apache HTTPD: expat DoS (CVE-2009-3560)

Severity CVSS Published Added Modified
5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) December 03, 2009 April 11, 2012 December 04, 2013

Description

The affected asset is vulnerable to this vulnerability ONLY if an attacker is able to get Apache to parse an untrusted XML document. Review your web server configuration for validation. A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

apache-httpd-upgrade-2_0_64

Related Vulnerabilities