CVE-2009-2699

Impact: Moderate
Public Date: 2009-10-05
Bugzilla: 528756: CVE-2009-2699 httpd (apr): Improper pollset feature error handling on Solaris - DoS (hang)

The MITRE CVE dictionary describes this issue as:

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Find out more about CVE-2009-2699 from the MITRE CVE dictionary and NIST NVD.

Statement

This flaw does not affect the version of APR shipped in Red Hat Enterprise Linux.

This flaw affected JBoss Enterprise Web Server running on the Solaris platform. Updated httpd packages are available for download from the Customer Support Portal.

CVSS v2 metrics

NOTE: The CVSS v2 metrics and score provided below are preliminary and subject to review.

Base Score: 5
Base Metrics: AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

CVE description copyright © 2017, The MITRE Corporation