mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-23 15:00:20 +02:00
0xMarcio
1.1 KiB
1.1 KiB
CVE-2009-1955
Description
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
POC
Reference
- http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
- http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
- https://www.exploit-db.com/exploits/8842