CVE-2009-2699
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
Timeline
- 2009-08-05 CVE Reserved
- 2009-10-13 CVE Published
- 2024-07-03 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-667: Improper Locking
References (20)
URL | Tag | Source |
---|---|---|
http://securitytracker.com/id?1022988 | Broken Link | |
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53666 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://marc.info/?l=bugtraq&m=133355494609819&w=2 | 2024-02-15 | |
http://www.apache.org/dist/httpd/CHANGES_2.2.14 | 2024-02-15 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | 2024-02-15 | |
https://issues.apache.org/bugzilla/show_bug.cgi?id=47645 | 2024-02-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Http Server | >= 2.2.0 < 2.2.14 | - | Affected |
Apache | Portable Runtime | < 1.3.9 | - | Affected |