The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
References
Link Providers
http://marc.info/?l=bugtraq&m=133355494609819&w=2 cve-icon cve-icon
http://securitytracker.com/id?1022988 cve-icon cve-icon
http://www.apache.org/dist/httpd/CHANGES_2.2.14 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html cve-icon cve-icon
http://www.securityfocus.com/bid/36596 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/53666 cve-icon cve-icon
https://issues.apache.org/bugzilla/show_bug.cgi?id=47645 cve-icon cve-icon
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-2699 cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-2699 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-13T10:00:00

Updated: 2024-08-07T05:59:56.883Z

Reserved: 2009-08-05T00:00:00

Link: CVE-2009-2699

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-10-13T10:30:00.313

Modified: 2024-11-21T01:05:32.900

Link: CVE-2009-2699

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-10-05T00:00:00Z

Links: CVE-2009-2699 - Bugzilla