Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable6793.PRM
HistoryMay 07, 2013 - 12:00 a.m.

Apache 2.2 < 2.2.17 Multiple Vulnerabilities

2013-05-0700:00:00
Tenable
www.tenable.com
10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.425 Medium

EPSS

Percentile

97.3%

JSON

Versions of Apache 2.2 earlier than 2.2.17 are potentially affected by multiple vulnerabilities :

  • Errors exist in the bundled expat library that may allow an attacker to crash the server when a buffer is over-read when parsing an XML document. (CVE-2009-3720 and CVE-2009-3560)

  • An error exists in the ‘apr_brigade_split_line’ function in the bundled APR-util library. Carefully timed bytes in requests result in gradual memory increases leading to a denial of service. (CVE-2010-1623)

Binary data 6793.prm
VendorProductVersionCPE
apachehttp_server2.2cpe:/a:apache:http_server:2.2

Related

nessus 64
openvas 83
slackware 3
freebsd 2
fedora 10
redhat 2
centos 2
oraclelinux 2
ubuntu 7
f5 4
cve 2
ubuntucve 2
osv 1
debiancve 2
cvelist 2
prion 2
nvd 2
debian 3
httpd 3
veracode 1
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2011-041-03)
2011-02-11 00:00:00
FreeBSD : apr -- multiple vunerabilities (dd943fbb-d0fe-11df-95a8-00219b0fc4d8)
2010-10-06 00:00:00
Apache 2.2 < 2.2.17 Multiple Vulnerabilities
2013-05-07 00:00:00
openvas
openvas
Slackware Advisory SSA:2011-041-03 httpd
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2011-041-03)
2012-09-10 00:00:00
FreeBSD Ports: apr
2010-10-10 00:00:00
slackware
slackware
[slackware-security] httpd
2011-02-11 01:17:26
[slackware-security] expat
2011-02-11 01:17:08
[slackware-security] apr-util
2011-02-11 01:16:50
freebsd
freebsd
apr -- multiple vunerabilities
2010-10-02 00:00:00
libwww -- multiple vulnerabilities
2005-10-12 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: expat-2.0.1-8.fc11
2009-12-05 00:02:48
[SECURITY] Fedora 12 Update: expat-2.0.1-8.fc12
2009-12-05 00:06:09
[SECURITY] Fedora 10 Update: expat-2.0.1-8.fc10
2009-12-04 23:57:13
redhat
redhat
(RHSA-2009:1625) Moderate: expat security update
2009-12-07 00:00:00
(RHSA-2010:0950) Moderate: apr-util security update
2010-12-07 00:00:00
centos
centos
expat security update
2009-12-07 23:34:29
apr security update
2011-01-27 08:46:39
oraclelinux
oraclelinux
expat security update
2009-12-07 00:00:00
apr-util security update
2010-12-07 00:00:00
ubuntu
ubuntu
XML-RPC for C and C++ vulnerabilities
2010-02-18 00:00:00
Expat vulnerabilities
2010-01-20 00:00:00
PyXML vulnerabilities
2010-01-26 00:00:00
f5
f5
K15905 : Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2015-03-16 00:00:00
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
SOL15902 - Apache vulnerability CVE-2010-1623
2014-12-11 00:00:00
cve
cve
CVE-2009-3560
2009-12-04 21:30:00
CVE-2010-1623
2010-10-04 21:00:03
ubuntucve
ubuntucve
CVE-2009-3560
2009-12-04 00:00:00
CVE-2010-1623
2010-10-04 00:00:00
osv
osv
python - several vulnerabilities
2010-01-25 00:00:00
debiancve
debiancve
CVE-2009-3560
2009-12-04 21:30:00
CVE-2010-1623
2010-10-04 21:00:03
cvelist
cvelist
CVE-2009-3560
2009-12-04 21:00:00
CVE-2010-1623
2010-10-04 20:00:00
prion
prion
Buffer overflow
2009-12-04 21:30:00
Design/Logic Flaw
2010-10-04 21:00:00
nvd
nvd
CVE-2009-3560
2009-12-04 21:30:00
CVE-2010-1623
2010-10-04 21:00:03
debian
debian
[SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities
2010-01-25 22:01:20
[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service
2010-10-04 21:35:18
[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service
2010-10-04 21:35:18
httpd
httpd
Apache Httpd < 2.0.64 : apr_bridage_split_line DoS
2010-03-03 00:00:00
Apache Httpd < 2.2.17 : apr_bridage_split_line DoS
2010-03-03 00:00:00
Apache Httpd < 2.2.17 : expat DoS
2009-08-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:51:33

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.425 Medium

EPSS

Percentile

97.3%

JSON
Related for 6793.PRM
nessus64openvas83slackware3freebsd2fedora10redhat2centos2oraclelinux2ubuntu7f54cve2ubuntucve2osv1debiancve2cvelist2prion2nvd2debian3httpd3veracode1