oss-sec mailing list archives
Re: CVE request: "billion laughs" attack against Apache APR
From: "Steven M. Christey" <coley () linus mitre org>
Date: Sat, 6 Jun 2009 13:47:45 -0400 (EDT)
====================================================== Name: CVE-2009-1955 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 Reference: MILW0RM:8842 Reference: URL:http://www.milw0rm.com/exploits/8842 Reference: MLIST:[apr-dev] 20090602 [PATCH] prevent "billion laughs" attack against expat Reference: URL:http://marc.info/?l=apr-dev&m=124396021826125&w=2 Reference: MLIST:[oss-security] 20090603 CVE request: "billion laughs" attack against Apache APR Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/03/4 Reference: CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=781403 Reference: CONFIRM:http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 Reference: DEBIAN:DSA-1812 Reference: URL:http://www.debian.org/security/2009/dsa-1812 Reference: SECUNIA:35284 Reference: URL:http://secunia.com/advisories/35284 Reference: SECUNIA:35360 Reference: URL:http://secunia.com/advisories/35360 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
Current thread:
- CVE request: "billion laughs" attack against Apache APR Joe Orton (Jun 03)
- Re: CVE request: "billion laughs" attack against Apache APR Eygene Ryabinkin (Jun 06)
- Re: CVE request: "billion laughs" attack against Apache APR Joe Orton (Jun 11)
- Re: CVE request: "billion laughs" attack against Apache APR Steven M. Christey (Jun 06)
- Re: CVE request: "billion laughs" attack against Apache APR Eygene Ryabinkin (Jun 06)