Apache APR-util 'xml/apr_xml.c' Denial Of Service Vulnerability
Severity: HIGH
CVE Identifier: CVE-2009-1955
Advisory Date: JUL 21, 2015
DESCRIPTION
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
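An added example, not part of the original advisory or of APR-util: a check that a WebDAV front end could run on a request body before handing it to the real parser. It uses Python's binding to the same expat parser to work out each declared entity's worst-case expanded size by arithmetic, without expanding anything, and stops at the first element. The function names, the 1024-character limit and the 32-declaration cap are assumptions chosen for illustration.

```python
import re
from contextlib import suppress
from xml.parsers import expat
ENTITY_REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")

class EntityLimitExceeded(ValueError):
    """The DTD declares entities that are external, recursive, or expand too far."""

class _PrologDone(Exception): pass  # internal signal: DTD checked, stop before content

def expanded_size(name, decls, limit, memo, stack=()):
    """Worst-case length of entity `name` after full expansion, by arithmetic only."""
    if name in memo:
        return memo[name]
    if name in stack:
        raise EntityLimitExceeded(f"entity {name!r} is recursive")
    value = decls.get(name)
    if value is None:                      # predefined (&lt;) or not declared yet
        return 1
    size = len(ENTITY_REF.sub("", value))  # literal characters outside references
    for ref in ENTITY_REF.findall(value):
        size += expanded_size(ref, decls, limit, memo, stack + (name,))
    if size > limit:
        raise EntityLimitExceeded(f"entity {name!r} expands past {limit} characters")
    memo[name] = size
    return size

def check_dav_prolog(body, max_expansion=1024, max_decls=32):
    """Return {entity: worst-case size} for an acceptable body, else raise."""
    decls, sizes = {}, {}
    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if is_param or value is None or len(decls) >= max_decls:
            raise EntityLimitExceeded(f"entity {name!r}: parameter, external or too many")
        decls.setdefault(name, value)      # the first declaration of a name binds
        sizes.clear()                      # re-check all: older entities may refer forward
        for known in decls:
            expanded_size(known, decls, max_expansion, sizes)
    def on_start_element(tag, attrs):
        raise _PrologDone                  # the DTD is complete once the root element starts
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start_element
    with suppress(_PrologDone):
        parser.Parse(body, True)
    return sizes

# Constructed sample: three levels of ten-fold nesting, 10 -> 10,000 characters.
NESTED = ('<!DOCTYPE p [<!ENTITY e0 "0123456789">' + "".join('<!ENTITY e%d "%s">'
    % (i, "&e%d;" % (i - 1) * 10) for i in range(1, 4)) + "]><p>&e3;</p>").encode()
```

Malformed XML still surfaces as `expat.ExpatError`; a caller would treat that as a rejected request as well.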
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003536
Trend Micro Deep Security DPI Rule Name: 1003536 - Apache mod_dav svn Remote Denial Of Service
AFFECTED SOFTWARE AND VERSION
- apache apr-util 0.9.1
- apache apr-util 0.9.2
- apache apr-util 0.9.3
- apache apr-util 0.9.4
- apache apr-util 0.9.5
- apache apr-util 1.0
- apache apr-util 1.0.1
- apache apr-util 1.0.2
- apache apr-util 1.1.0
- apache apr-util 1.1.1
- apache apr-util 1.1.2
- apache apr-util 1.2.1
- apache apr-util 1.2.2
- apache apr-util 1.2.6
- apache apr-util 1.2.7
- apache apr-util 1.2.8
- apache apr-util 1.3.0
- apache apr-util 1.3.1
- apache apr-util 1.3.2
- apache apr-util 1.3.3
- apache apr-util 1.3.4
- apache apr-util 1.3.5
- apache apr-util 1.3.6
- apache http_server