ID de Prueba:	1.3.6.1.4.1.25623.1.0.900573
Categoría:	Denial of Service
Título:	Apache APR-Utils XML Parser Denial of Service Vulnerability
Resumen:	Apache APR-Utils is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Apache APR-Utils is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: An error in the 'expat XML' parser when processing crafted XML documents containing a large number of nested entity references. Vulnerability Impact: Attackers can exploit these issues to crash the application resulting into a denial of service condition. Affected Software/OS: Apache APR-Utils version prior to 1.3.7 on Linux. Solution: Apply the patch or upgrade to Apache APR-Utils 1.3.7. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1955 AIX APAR: PK88342 http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342 AIX APAR: PK91241 http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241 AIX APAR: PK99478 http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 35253 http://www.securityfocus.com/bid/35253 Bugtraq: 20090824 rPSA-2009-0123-1 apr-util (Google Search) http://www.securityfocus.com/archive/1/506053/100/0/threaded Debian Security Information: DSA-1812 (Google Search) http://www.debian.org/security/2009/dsa-1812 https://www.exploit-db.com/exploits/8842 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html http://security.gentoo.org/glsa/glsa-200907-03.xml HPdes Security Advisory: HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 HPdes Security Advisory: SSRT100345 http://www.mandriva.com/security/advisories?name=MDVSA-2009:131 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://marc.info/?l=apr-dev&m=124396021826125&w=2 https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2009/06/03/4 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473 http://www.redhat.com/support/errata/RHSA-2009-1107.html http://www.redhat.com/support/errata/RHSA-2009-1108.html http://secunia.com/advisories/34724 http://secunia.com/advisories/35284 http://secunia.com/advisories/35360 http://secunia.com/advisories/35395 http://secunia.com/advisories/35444 http://secunia.com/advisories/35487 http://secunia.com/advisories/35565 http://secunia.com/advisories/35710 http://secunia.com/advisories/35797 http://secunia.com/advisories/35843 http://secunia.com/advisories/36473 http://secunia.com/advisories/37221 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210 SuSE Security Announcement: SUSE-SR:2010:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.ubuntu.com/usn/usn-786-1 http://www.ubuntu.com/usn/usn-787-1 http://www.vupen.com/english/advisories/2009/1907 http://www.vupen.com/english/advisories/2009/3184 http://www.vupen.com/english/advisories/2010/1107
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.