CVE-2009-1955

Apache mod_dav / svn - Remote Denial of Service

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

El parseador XML en el interfaz apr_xml_* en xml/apr_xml.c en Apache APR-util anteriores a v1.3.7 tal y como es utilizado en los módulos mod_dav y mod_dav_svn en el servidor HTTP de Apache, permite a atacantes remotos producir una denegación de servicio (agotamiento de memoria) a través de un documento XML manipulado que contiene un gran numero de referencias anidadas, como se demostró en la petición PROPFIND, una vulnerabilidad similar a CVE-2003-1564.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-06-06 CVE Reserved
2009-06-06 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-11-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CAPEC

References (62)

URL	Tag	Source
http://secunia.com/advisories/34724	Broken Link
http://secunia.com/advisories/35284	Broken Link
http://secunia.com/advisories/35360	Broken Link
http://secunia.com/advisories/35395	Broken Link
http://secunia.com/advisories/35444	Broken Link
http://secunia.com/advisories/35487	Broken Link
http://secunia.com/advisories/35565	Broken Link
http://secunia.com/advisories/35710	Broken Link
http://secunia.com/advisories/35797	Broken Link
http://secunia.com/advisories/35843	Broken Link
http://secunia.com/advisories/36473	Broken Link
http://secunia.com/advisories/37221	Broken Link
http://support.apple.com/kb/HT3937	Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0123	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg27014463	Broken Link
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3	Broken Link
http://www.openwall.com/lists/oss-security/2009/06/03/4	Mailing List
http://www.securityfocus.com/archive/1/506053/100/0/threaded	Broken Link
http://www.securityfocus.com/bid/35253	Broken Link
http://www.vupen.com/english/advisories/2009/1907	Broken Link
http://www.vupen.com/english/advisories/2009/3184	Broken Link
http://www.vupen.com/english/advisories/2010/1107	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473	Broken Link

URL	Date	SRC
https://www.exploit-db.com/exploits/8842	2024-08-07

URL	Date	SRC
http://marc.info/?l=apr-dev&m=124396021826125&w=2	2024-02-02
http://svn.apache.org/viewvc?view=rev&revision=781403	2024-02-02
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	2024-02-02
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	2024-02-02
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	2024-02-02

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	2024-02-02
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	2024-02-02
http://marc.info/?l=bugtraq&m=129190899612998&w=2	2024-02-02
http://security.gentoo.org/glsa/glsa-200907-03.xml	2024-02-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210	2024-02-02
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342	2024-02-02
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241	2024-02-02
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478	2024-02-02
http://www.debian.org/security/2009/dsa-1812	2024-02-02
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131	2024-02-02
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150	2024-02-02
http://www.redhat.com/support/errata/RHSA-2009-1107.html	2024-02-02
http://www.redhat.com/support/errata/RHSA-2009-1108.html	2024-02-02
http://www.ubuntu.com/usn/usn-786-1	2024-02-02
http://www.ubuntu.com/usn/usn-787-1	2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html	2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html	2024-02-02
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html	2024-02-02
https://access.redhat.com/security/cve/CVE-2009-1955	2010-08-04
https://bugzilla.redhat.com/show_bug.cgi?id=504555	2010-08-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Apr-util Search vendor "Apache" for product "Apr-util"				< 1.3.7 Search vendor "Apache" for product "Apr-util" and version " < 1.3.7"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.6.2 Search vendor "Apple" for product "Mac Os X" and version " < 10.6.2"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				9 Search vendor "Suse" for product "Linux Enterprise Server" and version "9"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				9 Search vendor "Fedoraproject" for product "Fedora" and version "9"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				10 Search vendor "Fedoraproject" for product "Fedora" and version "10"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				11 Search vendor "Fedoraproject" for product "Fedora" and version "11"		-		Affected
Oracle Search vendor "Oracle"		Http Server Search vendor "Oracle" for product "Http Server"				-		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.2.0 < 2.2.12 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.12"		-		Affected