Denial of Service Vulnerability in Apache APR-util XML Parser
CVE-2009-1955

7.5 HIGH

Key Information:

Vendor

Apache

Status
Vendor
CVE Published:
8 June 2009

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2009-1955?

The expat XML parser within the Apache APR-util library is vulnerable to a denial-of-service attack when it processes specially crafted XML documents. An attacker can exploit the vulnerability by sending a request that contains a deeply nested structure of entity references, which drives memory consumption until system resources are exhausted. Servers running modules such as mod_dav and mod_dav_svn are at risk of becoming unresponsive. Remediation requires updating to a version of the library that mitigates this issue.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
