SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.
SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. Impact: CVSS base score 7.8 CVSS impact score 6.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE Details: Ease of Attack:
No information provided
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
CVE-2009-1955 |
Loading description
|
CVE-2003-1564 |
Loading description
|