Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-3560)

Description

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Remediation

References

Related Vulnerabilities

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6528)

Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5593)

Beego Framework Incorrect Default Permissions Vulnerability (CVE-2019-16355)

WordPress Plugin More from Google Cross-Site Scripting (0.0.2)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3195)

Severity

Medium

Classification

CVE-2009-3560 CWE-119

Tags

Missing Update Known Vulnerabilities