CVE-2009-2699
Severity
7.5 HIGH
EPSS
8.7%
top 7.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 13
Latest update: May 2
Description
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 2 packages
Patches
Vulnerability Details: 2
Vendor Advisories: 2
Community: 1
Bugzilla
CVE-2009-2699 httpd (apr): Improper pollset feature error handling on Solaris - DoS (hang) (2009-10-13)