What is CVE-2009-1955?

CVE-2009-1955 is a vulnerability in N/a. Published 2009-06-06.

Is CVE-2009-1955 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-1955

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consum…

EPSS: 0.533 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

35487 (x_refsource_SECUNIA, third-party-advisory)
DSA-1812 (vendor-advisory, x_refsource_DEBIAN)
www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 (x_refsource_CONFIRM)
ADV-2009-1907 (vdb-entry, x_refsource_VUPEN)
FEDORA-2009-5969 (x_refsource_FEDORA, vendor-advisory)
35444 (x_refsource_SECUNIA, third-party-advisory)
[apr-dev] 20090602 [PATCH] prevent "billion laughs" attack against expat (mailing-list, x_refsource_MLIST)
MDVSA-2009:131 (vendor-advisory, x_refsource_MANDRIVA)
oval:org.mitre.oval:def:10270 (x_refsource_OVAL, signature, vdb-entry)
35360 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2009-1955?: CVE-2009-1955 is a vulnerability in N/a. Published 2009-06-06.
Is CVE-2009-1955 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.