Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache HTTP Server Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) Vulnerability - CVE-2009-1955 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) Vulnerability - CVE-2009-1955

High
Reference: CVE-2009-1955
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-1955
Title: Apache HTTP Server Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) Vulnerability
Overview:

The expat XML parser in the apr_xml_ interface in xml/apr_xml.c in Apache APR-util before 1.3.7 as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references as demonstrated by a PROPFIND request a similar issue to CVE-2003-1564.