Description

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Remediation

References

CVE-2009-2699

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20401)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-7065)

WordPress Plugin Podlove Podcast Publisher Multiple Cross-Site Scripting Vulnerabilities (2.1.0)

Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-45604)

Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-26265)

Severity

High

Classification

CVE-2009-2699 CWE-667 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities