
Apache 2.2 < 2.2.17 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is vulnerable to multiple attack vectors.

Description

Versions of Apache 2.2 earlier than 2.2.17 are potentially affected by multiple vulnerabilities:

- Errors in the bundled expat library may allow an attacker to crash the server through a buffer over-read while parsing an XML document. (CVE-2009-3720 and CVE-2009-3560)

- An error exists in the 'apr_brigade_split_line' function in the bundled APR-util library. Carefully timed bytes in requests result in gradual memory increases leading to a denial of service. (CVE-2010-1623)

Solution

Either ensure the affected module is not in use or upgrade to Apache version 2.2.17 or later.
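
A version-range triage check for this advisory, added here as an example and not part of the original plugin page. The function names, status labels and sample inventory are constructed for illustration; input is assumed to be a `Server` header value or `httpd -v` output.

```python
import re

FIXED = (2, 2, 17)  # first release outside the advisory's range

# Product token as seen in a Server header or `httpd -v` output.
# The lookahead rejects other products such as "Apache-Coyote/1.1".
_TOKEN = re.compile(r"\bApache(?![\w-])(?:/(\d+)\.(\d+)(?:\.(\d+))?)?", re.I)


def classify(banner):
    """Map one banner string to a triage status for this advisory."""
    m = _TOKEN.search(banner or "")
    if m is None:
        return "not-apache"
    if m.group(1) is None:
        return "unknown"            # version hidden, e.g. ServerTokens Prod
    branch = (int(m.group(1)), int(m.group(2)))
    if branch != FIXED[:2]:
        return "out-of-scope"       # advisory covers the 2.2 branch only
    if m.group(3) is None:
        return "unknown"            # "Apache/2.2": patch level not disclosed
    version = branch + (int(m.group(3)),)
    # A banner match means "potentially affected", as the advisory words it:
    # the banner alone does not show which bundled libraries are in use.
    return "potentially-affected" if version < FIXED else "fixed-version"


def triage(inventory):
    """Group hosts by status; hosts are sorted within each group."""
    groups = {}
    for host, banner in sorted(inventory.items()):
        groups.setdefault(classify(banner), []).append(host)
    return groups


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "web1.example.test": "Apache/2.2.16 (Debian)",
    "web2.example.test": "Apache/2.2.17 (Unix) mod_ssl/2.2.17",
    "web3.example.test": "Apache",
    "web4.example.test": "Apache/2.4.1 (Unix)",
    "app1.example.test": "Apache-Coyote/1.1",
    "web5.example.test": "Server version: Apache/2.2.9 (Unix)",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unknown` need a local check of the installed version, since the banner does not disclose the patch level.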