LOGIN
CONTACT SALES
LOGIN
CONTACT SALES

Apache – CVE-2009-1955

Description

Cytrix has detected that the version of Apache APR-util being used has a flaw that could lead to a denial of service (DoS) attack.
The issue exists in the expat XML parser in the apr_xml_* interface in xml/apr_xml.c, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server. The issue presented in CVE-2009-1955 is similar to CVE-2003-1564.

A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption (hence the denial of service) when processed by the XML decoding engine.
Demonstrated by a PROPFIND request.

This will cause a decrease in performance and also for interruptions in the availability of resources.

Severity/Score

CVSS Version 2.0 – 5.0 Medium

Recommendation

To fix CVE-2009-1955, upgrade the version of Apache Server being used to 2.2.12.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955

< Return to all Vulnerabilities

Request a Demo

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing

Read More »

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »
Facebook Linkedin

Company

Resources

Docs

Latest posts

PING US
Facebook Linkedin