Apache APR-util 'xml/apr_xml.c' Denial Of Service Vulnerability
2015年7月21日
危険度: : 高
CVE識別番号: CVE-2009-1955
概要
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
トレンドマイクロの対策
Apply associated Trend Micro DPI Rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1003536
Trend Micro Deep Security DPI Rule Name: 1003536 - Apache mod_dav svn Remote Denial Of Service
影響を受けるソフトウェア
- apache apr-util 0.9.1
- apache apr-util 0.9.2
- apache apr-util 0.9.3
- apache apr-util 0.9.4
- apache apr-util 0.9.5
- apache apr-util 1.0
- apache apr-util 1.0.1
- apache apr-util 1.0.2
- apache apr-util 1.1.0
- apache apr-util 1.1.1
- apache apr-util 1.1.2
- apache apr-util 1.2.1
- apache apr-util 1.2.2
- apache apr-util 1.2.6
- apache apr-util 1.2.7
- apache apr-util 1.2.8
- apache apr-util 1.3.0
- apache apr-util 1.3.1
- apache apr-util 1.3.2
- apache apr-util 1.3.3
- apache apr-util 1.3.4
- apache apr-util 1.3.5
- apache apr-util 1.3.6
- apache http_server