Vulnerability CVE-2009-2699: Information

Description

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: October 13, 2009
Modified: February 15, 2024
Weakness type identifier: CWE-667

References to advisories, solutions, and tools

Link
Resource
36596
  • Patch
  • Third Party Advisory
  • VDB Entry
http://www.apache.org/dist/httpd/CHANGES_2.2.14
  • Broken Link
  • Vendor Advisory
1022988
  • Broken Link
  • Third Party Advisory
  • VDB Entry
https://issues.apache.org/bugzilla/show_bug.cgi?id=47645
  • Issue Tracking
  • Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
  • Third Party Advisory
MDVSA-2013:150
  • Broken Link
SSRT100782
  • Issue Tracking
  • Mailing List
  • Third Party Advisory
apache-solaris-pollset-dos(53666)
  • Third Party Advisory
  • VDB Entry
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • Mailing List
  • Patch
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • Mailing List
  • Patch
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • Mailing List
  • Patch
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • Mailing List
  • Patch
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
  • Mailing List
  • Patch
[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/
  • Mailing List
  • Patch
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • Mailing List
  • Patch
[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
  • Mailing List
  • Patch
[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
  • Mailing List
  • Patch
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
  • Mailing List
  • Patch
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
  • Mailing List
  • Patch
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • Mailing List
  • Patch
    1. Configuration 1

      cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
      Start including
      2.2.0
      End excluding
      2.2.14

      cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
      End excluding
      1.3.9