Apache » Http Server » 2.0.50 : Security Vulnerabilities, CVEs, Published In 2009 (Denial of service)
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Max CVSS
5.0
EPSS Score
3.23%
Published
2009-11-03
Updated
2024-02-22
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Max CVSS
5.0
EPSS Score
1.28%
Published
2009-12-04
Updated
2023-11-01
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
Max CVSS
2.6
EPSS Score
0.15%
Published
2009-09-08
Updated
2022-09-19
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
Max CVSS
7.1
EPSS Score
0.49%
Published
2009-07-10
Updated
2023-02-13
4 vulnerabilities found