CVE-2009-1955 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2009-1955?

CVE-2009-1955 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-1955?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Apr-Util, Apple Mac Os X, Suse Linux Enterprise Server, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Apr-Util	< 1.3.7
Apple	Mac Os X	< 10.6.2
Suse	Linux Enterprise Server	9
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06
Fedoraproject	Fedora	9
Oracle	Http Server	-
Apache	Http Server	>= 2.2.0, < 2.2.12

Related Weaknesses (CWE)

CWE-776

References

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlMailing ListThird Party Advisory
http://marc.info/?l=apr-dev&m=124396021826125&w=2Mailing ListPatch
http://marc.info/?l=bugtraq&m=129190899612998&w=2Mailing List
http://secunia.com/advisories/34724Broken LinkThird Party Advisory
http://secunia.com/advisories/35284Broken LinkThird Party Advisory
http://secunia.com/advisories/35360Broken LinkThird Party Advisory
http://secunia.com/advisories/35395Broken LinkThird Party Advisory
http://secunia.com/advisories/35444Broken LinkThird Party Advisory
http://secunia.com/advisories/35487Broken LinkThird Party Advisory
http://secunia.com/advisories/35565Broken LinkThird Party Advisory
http://secunia.com/advisories/35710Broken LinkThird Party Advisory
http://secunia.com/advisories/35797Broken LinkThird Party Advisory
http://secunia.com/advisories/35843Broken LinkThird Party Advisory
http://secunia.com/advisories/36473Broken LinkThird Party Advisory

FAQ

What is CVE-2009-1955?

CVE-2009-1955 is a vulnerability with a CVSS score of 7.5 (HIGH). The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to c...

How severe is CVE-2009-1955?

CVE-2009-1955 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1955?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Apr-Util, Apple Mac Os X, Suse Linux Enterprise Server, Debian Debian Linux, Canonical Ubuntu Linux.