CVE-2009-2699

NameCVE-2009-2699
DescriptionThe Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apr (PTS)bullseye (security), bullseye1.7.0-6+deb11u2fixed
bookworm1.7.2-3fixed
sid, trixie1.7.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
aprsource(unstable)(not affected)

Notes

- apr <not-affected> (does not affect Linux or kFreeBSD)

Search for package or bug name: Reporting problems