CVE-2009-2699 Information
Description
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
Reference
http://marc.info/?l=bugtraq&m=133355494609819&w=2
http://securitytracker.com/id?1022988
http://www.apache.org/dist/httpd/CHANGES_2.2.14
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.securityfocus.com/bid/36596
https://exchange.xforce.ibmcloud.com/vulnerabilities/53666
https://issues.apache.org/bugzilla/show_bug.cgi?id=47645
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@3Ccvs.httpd.apache.org3E