Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1955

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Jun, 2009 | 18:00
Updated At-07 Aug, 2024 | 05:36
Rejected At-
Credits

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Jun, 2009 | 18:00
Updated At:07 Aug, 2024 | 05:36
Rejected At:
▼CVE Numbering Authority (CNA)

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/35487
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1812
vendor-advisory
x_refsource_DEBIAN
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1907
vdb-entry
x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/35444
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=apr-dev&m=124396021826125&w=2
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
vendor-advisory
x_refsource_MANDRIVA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/35360
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/1107
vdb-entry
x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/06/03/4
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/35395
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
vendor-advisory
x_refsource_AIXAPAR
http://www.securityfocus.com/archive/1/506053/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/35284
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
vendor-advisory
x_refsource_AIXAPAR
http://secunia.com/advisories/36473
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
vendor-advisory
x_refsource_AIXAPAR
http://secunia.com/advisories/35843
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
vendor-advisory
x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2009-1108.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/35797
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200907-03.xml
vendor-advisory
x_refsource_GENTOO
http://svn.apache.org/viewvc?view=rev&revision=781403
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
vendor-advisory
x_refsource_FEDORA
http://www.ubuntu.com/usn/usn-786-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/34724
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/37221
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35565
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/3184
vdb-entry
x_refsource_VUPEN
http://wiki.rpath.com/Advisories:rPSA-2009-0123
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/8842
exploit
x_refsource_EXPLOIT-DB
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
vendor-advisory
x_refsource_SLACKWARE
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
vendor-advisory
x_refsource_APPLE
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/35710
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/35253
vdb-entry
x_refsource_BID
http://www.redhat.com/support/errata/RHSA-2009-1107.html
vendor-advisory
x_refsource_REDHAT
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-787-1
vendor-advisory
x_refsource_UBUNTU
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/35487
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2009/dsa-1812
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2009/1907
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/35444
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=apr-dev&m=124396021826125&w=2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/35360
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/1107
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.openwall.com/lists/oss-security/2009/06/03/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/35395
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.securityfocus.com/archive/1/506053/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/35284
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://secunia.com/advisories/36473
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://secunia.com/advisories/35843
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1108.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/35797
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://svn.apache.org/viewvc?view=rev&revision=781403
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.ubuntu.com/usn/usn-786-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/34724
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/37221
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35565
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0123
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.exploit-db.com/exploits/8842
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/35710
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/35253
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1107.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://support.apple.com/kb/HT3937
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/usn-787-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/35487
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2009/dsa-1812
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2009/1907
vdb-entry
x_refsource_VUPEN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/35444
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=apr-dev&m=124396021826125&w=2
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/35360
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/1107
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.openwall.com/lists/oss-security/2009/06/03/4
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/35395
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.securityfocus.com/archive/1/506053/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/35284
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://secunia.com/advisories/36473
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://secunia.com/advisories/35843
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1108.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/35797
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
x_refsource_CONFIRM
x_transferred
http://security.gentoo.org/glsa/glsa-200907-03.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://svn.apache.org/viewvc?view=rev&revision=781403
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.ubuntu.com/usn/usn-786-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/34724
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/37221
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35565
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/3184
vdb-entry
x_refsource_VUPEN
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2009-0123
x_refsource_CONFIRM
x_transferred
https://www.exploit-db.com/exploits/8842
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://marc.info/?l=bugtraq&m=129190899612998&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
x_refsource_CONFIRM
x_transferred
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/35710
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/35253
vdb-entry
x_refsource_BID
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-1107.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://support.apple.com/kb/HT3937
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/usn-787-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/35487
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1812
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1907
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/35444
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=apr-dev&m=124396021826125&w=2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/35360
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1107
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2009/06/03/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/35395
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/506053/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/35284
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://secunia.com/advisories/36473
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://secunia.com/advisories/35843
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1108.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/35797
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-03.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=rev&revision=781403
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-786-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/34724
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/37221
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35565
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0123
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/8842
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/35710
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35253
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1107.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://support.apple.com/kb/HT3937
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-787-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Jun, 2009 | 01:00
Updated At:02 Feb, 2024 | 14:11

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
The Apache Software Foundation
apache
>>apr-util>>Versions before 1.3.7(exclusive)
cpe:2.3:a:apache:apr-util:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions before 10.6.2(exclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
SUSE
suse
>>linux_enterprise_server>>9
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>4.0
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>9.04
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>9
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>10
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>11
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>http_server>>-
cpe:2.3:a:oracle:http_server:-:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>Versions from 2.2.0(inclusive) to 2.2.12(exclusive)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-776Primarynvd@nist.gov
CWE ID: CWE-776
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlcve@mitre.org
Mailing List
Third Party Advisory
http://marc.info/?l=apr-dev&m=124396021826125&w=2cve@mitre.org
Mailing List
Patch
http://marc.info/?l=bugtraq&m=129190899612998&w=2cve@mitre.org
Mailing List
http://secunia.com/advisories/34724cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35284cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35360cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35395cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35444cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35487cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35565cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35710cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35797cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/35843cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/36473cve@mitre.org
Broken Link
Third Party Advisory
http://secunia.com/advisories/37221cve@mitre.org
Broken Link
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200907-03.xmlcve@mitre.org
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210cve@mitre.org
Broken Link
Third Party Advisory
http://support.apple.com/kb/HT3937cve@mitre.org
Broken Link
http://svn.apache.org/viewvc?view=rev&revision=781403cve@mitre.org
Patch
http://wiki.rpath.com/Advisories:rPSA-2009-0123cve@mitre.org
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342cve@mitre.org
Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241cve@mitre.org
Broken Link
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478cve@mitre.org
Broken Link
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27014463cve@mitre.org
Broken Link
Third Party Advisory
http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3cve@mitre.org
Broken Link
http://www.debian.org/security/2009/dsa-1812cve@mitre.org
Mailing List
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:131cve@mitre.org
Broken Link
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150cve@mitre.org
Broken Link
Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/06/03/4cve@mitre.org
Mailing List
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.htmlcve@mitre.org
Patch
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1107.htmlcve@mitre.org
Broken Link
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1108.htmlcve@mitre.org
Broken Link
Third Party Advisory
http://www.securityfocus.com/archive/1/506053/100/0/threadedcve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/35253cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-786-1cve@mitre.org
Third Party Advisory
http://www.ubuntu.com/usn/usn-787-1cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1907cve@mitre.org
Broken Link
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3184cve@mitre.org
Broken Link
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1107cve@mitre.org
Broken Link
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
Mailing List
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270cve@mitre.org
Broken Link
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473cve@mitre.org
Broken Link
Third Party Advisory
https://www.exploit-db.com/exploits/8842cve@mitre.org
Exploit
VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.htmlcve@mitre.org
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.htmlcve@mitre.org
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.htmlcve@mitre.org
Mailing List
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=apr-dev&m=124396021826125&w=2
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: http://marc.info/?l=bugtraq&m=129190899612998&w=2
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://secunia.com/advisories/34724
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35284
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35360
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35395
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35444
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35487
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35565
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35710
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35797
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35843
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/36473
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/37221
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200907-03.xml
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://support.apple.com/kb/HT3937
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://svn.apache.org/viewvc?view=rev&revision=781403
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0123
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27014463
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.debian.org/security/2009/dsa-1812
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:131
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2009/06/03/4
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1107.html
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1108.html
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/506053/100/0/threaded
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/35253
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/usn-786-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/usn-787-1
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1907
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/3184
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1107
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource:
Mailing List
Patch
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/8842
Source: cve@mitre.org
Resource:
Exploit
VDB Entry
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html
Source: cve@mitre.org
Resource:
Mailing List

Change History

0
Information is not available yet

Similar CVEs

2313Records found
CVE-2003-0245
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-78.92% / 99.02%
||
7 Day CHG~0.00%
Published-30 May, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2011-3259
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.56% / 80.72%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_osn/a
CVE-2019-0222
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.30% / 92.87%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 21:16
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-communications_diameter_signaling_routerdebian_linuxenterprise_repositoryidentity_manager_connectorgoldengate_stream_analyticsactivemqe-series_santricity_web_servicesenterprise_manager_base_platformApache ActiveMQ
CVE-2001-0457
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.74% / 71.94%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2010-2432
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.83% / 73.56%
||
7 Day CHG~0.00%
Published-22 Jun, 2010 | 20:24
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

Action-Not Available
Vendor-n/aApple Inc.
Product-cupsn/a
CVE-2001-0515
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.54% / 66.67%
||
7 Day CHG~0.00%
Published-27 Jul, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8idatabase_servern/a
CVE-2019-0199
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-70.84% / 98.64%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 14:21
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-38593
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.21%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).

Action-Not Available
Vendor-qtn/aFedora Project
Product-qtfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-2332
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.77% / 81.91%
||
7 Day CHG~0.00%
Published-18 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request.

Action-Not Available
Vendor-impactfinancialsn/aApple Inc.
Product-iphone_osimpact_pdf_readern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-3566
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2000-0888
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.77% / 94.47%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

Action-Not Available
Vendor-n/aDebian GNU/LinuxInternet Systems Consortium, Inc.
Product-debian_linuxbindn/a
CVE-2021-3803
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.85%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in fb55/nth-check

nth-check is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nth-check_projectfb55Debian GNU/Linux
Product-debian_linuxnth-checkfb55/nth-check
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2016-2194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 81.47%
||
7 Day CHG-0.01%
Published-13 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

Action-Not Available
Vendor-botan_projectn/aDebian GNU/Linux
Product-debian_linuxbotann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4476
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.12%
||
7 Day CHG~0.00%
Published-09 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

Action-Not Available
Vendor-w1.fin/aCanonical Ltd.
Product-ubuntu_linuxwpa_supplicanthostapdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1752
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.61% / 90.80%
||
7 Day CHG~0.00%
Published-06 Jun, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Fedora ProjectThe Apache Software FoundationApple Inc.
Product-ubuntu_linuxfedoradebian_linuxmac_os_xsubversionn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2018-8030
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.91% / 74.79%
||
7 Day CHG~0.00%
Published-19 Jun, 2018 | 13:00
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.

Action-Not Available
Vendor-The Apache Software Foundation
Product-qpid_broker-jApache Qpid Broker-J
CWE ID-CWE-20
Improper Input Validation
CVE-2000-0314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.32% / 53.96%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

Action-Not Available
Vendor-digitaln/aSlackwareRed Hat, Inc.Debian GNU/LinuxNetBSD
Product-netbsddebian_linuxunixlinuxslackware_linuxn/a
CVE-2018-8038
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-40.66% / 97.27%
||
7 Day CHG~0.00%
Published-05 Jul, 2018 | 13:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxf_fedizApache CXF Fediz
CWE ID-CWE-20
Improper Input Validation
CVE-2018-9240
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

Action-Not Available
Vendor-ncmpc_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxncmpcdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2011-2241
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.68% / 70.58%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-1623
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-21.11% / 95.44%
||
7 Day CHG-0.85%
Published-04 Oct, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_serverapr-utiln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2000-0513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.40%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2021-38291
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFFmpeg
Product-ffmpegdebian_linuxn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2000-0511
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.40%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2000-0512
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.40%
||
7 Day CHG~0.00%
Published-13 Oct, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2011-1770
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.96% / 89.25%
||
7 Day CHG~0.00%
Published-24 Jun, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-linux_kernelfedoran/a
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2018-8789
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-29 Nov, 2018 | 18:00
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

Action-Not Available
Vendor-Canonical Ltd.Check Point Software Technologies Ltd.FreeRDPDebian GNU/Linux
Product-freerdpubuntu_linuxdebian_linuxFreeRDP
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-4348
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.08% / 86.22%
||
7 Day CHG+1.16%
Published-20 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.

Action-Not Available
Vendor-n/aThe GNOME ProjectDebian GNU/LinuxopenSUSE
Product-debian_linuxleapopensuselibrsvgn/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.01% / 88.00%
||
7 Day CHG~0.00%
Published-22 Mar, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

Action-Not Available
Vendor-n/aSlackwareSUSE
Product-slackware_linuxsuse_linuxn/a
CVE-2016-4556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-39.41% / 97.19%
||
7 Day CHG~0.00%
Published-10 May, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

Action-Not Available
Vendor-n/aSquid CacheOracle CorporationCanonical Ltd.
Product-squidlinuxubuntu_linuxn/a
CVE-2018-8022
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.70% / 90.87%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-16 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-20
Improper Input Validation
CVE-1999-1068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.42% / 61.17%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-http_servern/a
CVE-1999-0939
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.52% / 65.86%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service in Debian IRC Epic/epic4 client via a long string.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2018-8777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 78.54%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 22:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.RubyRed Hat, Inc.
Product-ubuntu_linuxdebian_linuxrubyenterprise_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-1452
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-15.61% / 94.43%
||
7 Day CHG~0.00%
Published-28 Jul, 2010 | 19:32
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-1999-1015
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.32% / 89.65%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.

Action-Not Available
Vendor-n/aApple Inc.
Product-appleshare_mail_servern/a
CVE-2016-2105
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-62.17% / 98.29%
||
7 Day CHG~0.00%
Published-05 May, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)openSUSERed Hat, Inc.Apple Inc.OpenSSLDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_server_ausdebian_linuxenterprise_linux_hpc_nodeleapopensusemysqlenterprise_linux_desktopubuntu_linuxenterprise_linux_server_eusenterprise_linux_workstationopensslenterprise_linux_hpc_node_eusmac_os_xnode.jsn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-3445
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.55% / 80.65%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2011-1002
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-71.89% / 98.68%
||
7 Day CHG~0.00%
Published-22 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Action-Not Available
Vendor-avahin/aCanonical Ltd.Debian GNU/LinuxFedora ProjectRed Hat, Inc.
Product-ubuntu_linuxenterprise_linuxfedoradebian_linuxavahin/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-10347
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.22%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storagedebian_linuxenterprise_linux_servercloud_backupenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2010-0910
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.19%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 and 11.2.1.4.1 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-timesten_in-memory_databasen/a
CVE-2018-8792
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.43%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 20:00
Updated-17 Sep, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-9988
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 19:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArm Limited
Product-mbed_tlsdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-0751
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.80% / 87.62%
||
7 Day CHG~0.00%
Published-06 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.

Action-Not Available
Vendor-libnids_projectn/aFedora Project
Product-libnidsfedoran/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2010-0856
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.14% / 77.50%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.2 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-1226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.05% / 83.12%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osiphonen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-3627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.46%
||
7 Day CHG~0.00%
Published-17 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Action-Not Available
Vendor-n/aOracle CorporationCanonical Ltd.HP Inc.libxml2 (XMLSoft)Debian GNU/LinuxopenSUSERed Hat, Inc.
Product-icewall_file_managerenterprise_linux_serverenterprise_linux_server_aussolarislibxml2enterprise_linux_eusleapicewall_federation_agentubuntu_linuxenterprise_linux_desktopjboss_core_servicesvm_serverenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2011-1027
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-5.19% / 89.53%
||
7 Day CHG~0.00%
Published-20 Mar, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence.

Action-Not Available
Vendor-lars_hjemlin/aFedora Project
Product-fedoracgitn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2011-0534
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-16.98% / 94.71%
||
7 Day CHG~0.00%
Published-10 Feb, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2018-8796
Matching Score-8
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-8
Assigner-Check Point Software Ltd.
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.08%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 20:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

Action-Not Available
Vendor-rdesktopDebian GNU/LinuxCheck Point Software Technologies Ltd.
Product-rdesktopdebian_linuxrdesktop
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 46
  • 47
  • Next
Details not found