CVE-2009-1955: Apache httpd: APR-util XML DoS

CVE ID

CVE-2009-1955

DESCRIPTION

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

Severity: moderate

Unitrends could be vulnerable to this, but it requires a great deal of expertise to craft the exploit. It would also require network access to the Unitrends system. No data would be affected, but it could slow down the system.

RESOLUTION

The CentOS6.5 distribution already contains the fix.

Resolved in:

  • For CentOS6, the distribution already contains this fix.
  • For CentOS5, apr-util-1.2.7-11.el5_5.2 or later has this fix, and Unitrends appliances should already have apr-util-1.2.7-7.el5_3.2.
  • Upstream Apache httpd 2.2.12

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us