← Back

CVE-2009-1955

nvd nist
Published: Jun 8, 2009Modified: Apr 23, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Affected (13)

Show all products
Apache: Apr Util, Http Server · Apple: Mac Os X · Suse: Linux Enterprise Server · Debian: Debian Linux · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Oracle: Http Server
Apache
2 products
Apr Util
Http Server
Apple
1 product
Mac Os X
Suse
1 product
Linux Enterprise Server
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Fedoraproject
1 product
Fedora
Oracle
1 product
Http Server
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Apr Util
Before 1.3.7
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Mac Os X
Before 10.6.2
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Enterprise Server
Version 9
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 4.0
Configuration E
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 6.06
Ubuntu Linux
Version 8.04
Ubuntu Linux
Version 8.10
Ubuntu Linux
Version 9.04
Configuration F
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 10
Fedora
Version 11
Fedora
Version 9
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Http Server
All versions
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Http Server
From 2.2.0 to 2.2.12

Related CWEs

CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References (120)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken Link
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Broken LinkThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Mailing ListPatch
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
Broken LinkThird Party Advisory
Source: cve@mitre.org
ExploitVDB Entry
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Mailing List
Source: cve@mitre.org
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

Timeline

No history available yet.