Denial of Service Vulnerability in Apache Portable Runtime Library
CVE-2009-2699

7.5HIGH

Key Information:

Vendor
Apache
Status
Http Server
Portable Runtime
Vendor
CVE Published:
13 October 2009

Summary

The Apache Portable Runtime library prior to version 1.3.9, as utilized in the Apache HTTP Server before version 2.2.14, contains a vulnerability within the Solaris pollset feature in the Event Port backend. This flaw fails to adequately manage error conditions, enabling remote attackers to induce a denial of service scenario by executing various HTTP requests. The issues primarily relate to the prefork and event Multi-Processing Modules (MPMs), leading to potential daemon hangs and service disruption.

References

http://www.apache.org/dist/httpd/CHANGES_2.2.14
x_refsource_CONFIRM
http://securitytracker.com/id?1022988
vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=133355494609819&w=2
vendor-advisoryx_refsource_HP

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.