Rapid7 Vulnerability & Exploit Database

Apache HTTPD: expat DoS (CVE-2009-3560)

Back to Search

Apache HTTPD: expat DoS (CVE-2009-3560)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
12/04/2009
Created
07/25/2018
Added
04/12/2012
Modified
05/24/2016

Description

The affected asset is vulnerable to this vulnerability ONLY if an attacker is able to get Apache to parse an untrusted XML document. Review your web server configuration for validation. A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

Solution(s)

  • apache-httpd-upgrade-2_0_64
  • apache-httpd-upgrade-2_2_17

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;