The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util prior to 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote malicious users to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache apr-util |
||
apple mac os x |
||
suse linux enterprise server 9 |
||
debian debian linux 4.0 |
||
canonical ubuntu linux 9.04 |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 6.06 |
||
fedoraproject fedora 11 |
||
fedoraproject fedora 10 |
||
fedoraproject fedora 9 |
||
oracle http server - |
||
apache http server |