CVE-2009-2699
Summary
| CVE | CVE-2009-2699 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-10-13 10:30:00 UTC |
| Updated | 2023-11-07 02:04:00 UTC |
| Description | The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Apr | 0.9.17 | All | All | All |
| Application | Apache | Apr | 0.9.18 | All | All | All |
| Application | Apache | Apr | 0.9.7 | All | All | All |
| Application | Apache | Apr | 1.2.1 | All | All | All |
| Application | Apache | Apr | All | All | All | All |
| Application | Apache | Http Server | All | All | All | All |
| Application | Apache | Http Server | - | All | All | All |
| Application | Apache | Http Server | 0.8.11 | All | All | All |
| Application | Apache | Http Server | 0.8.14 | All | All | All |
| Application | Apache | Http Server | 1.0.2 | All | All | All |
| Application | Apache | Http Server | 1.0.3 | All | All | All |
| Application | Apache | Http Server | 1.0.5 | All | All | All |
| Application | Apache | Http Server | 1.1 | All | All | All |
| Application | Apache | Http Server | 1.1.1 | All | All | All |
| Application | Apache | Http Server | 1.2 | All | All | All |
| Application | Apache | Http Server | 1.2.4 | All | All | All |
| Application | Apache | Http Server | 1.2.5 | All | All | All |
| Application | Apache | Http Server | 1.2.6 | All | All | All |
| Application | Apache | Http Server | 1.2.9 | All | All | All |
| Application | Apache | Http Server | 1.3 | All | All | All |
| Application | Apache | Http Server | 1.3.0 | All | All | All |
| Application | Apache | Http Server | 1.3.1 | All | All | All |
| Application | Apache | Http Server | 1.3.1.1 | All | All | All |
| Application | Apache | Http Server | 1.3.10 | All | All | All |
| Application | Apache | Http Server | 1.3.11 | All | All | All |
| Application | Apache | Http Server | 1.3.12 | All | All | All |
| Application | Apache | Http Server | 1.3.13 | All | All | All |
| Application | Apache | Http Server | 1.3.14 | All | All | All |
| Application | Apache | Http Server | 1.3.15 | All | All | All |
| Application | Apache | Http Server | 1.3.16 | All | All | All |
| Application | Apache | Http Server | 1.3.17 | All | All | All |
| Application | Apache | Http Server | 1.3.18 | All | All | All |
| Application | Apache | Http Server | 1.3.19 | All | All | All |
| Application | Apache | Http Server | 1.3.2 | All | All | All |
| Application | Apache | Http Server | 1.3.20 | All | All | All |
| Application | Apache | Http Server | 1.3.22 | All | All | All |
| Application | Apache | Http Server | 1.3.23 | All | All | All |
| Application | Apache | Http Server | 1.3.24 | All | All | All |
| Application | Apache | Http Server | 1.3.25 | All | All | All |
| Application | Apache | Http Server | 1.3.26 | All | All | All |
| Application | Apache | Http Server | 1.3.27 | All | All | All |
| Application | Apache | Http Server | 1.3.28 | All | All | All |
| Application | Apache | Http Server | 1.3.29 | All | All | All |
| Application | Apache | Http Server | 1.3.3 | All | All | All |
| Application | Apache | Http Server | 1.3.30 | All | All | All |
| Application | Apache | Http Server | 1.3.31 | All | All | All |
| Application | Apache | Http Server | 1.3.32 | All | All | All |
| Application | Apache | Http Server | 1.3.33 | All | All | All |
| Application | Apache | Http Server | 1.3.34 | All | All | All |
| Application | Apache | Http Server | 1.3.35 | All | All | All |
| Application | Apache | Http Server | 1.3.36 | All | All | All |
| Application | Apache | Http Server | 1.3.37 | All | All | All |
| Application | Apache | Http Server | 1.3.38 | All | All | All |
| Application | Apache | Http Server | 1.3.39 | All | All | All |
| Application | Apache | Http Server | 1.3.4 | All | All | All |
| Application | Apache | Http Server | 1.3.5 | All | All | All |
| Application | Apache | Http Server | 1.3.6 | All | All | All |
| Application | Apache | Http Server | 1.3.65 | All | All | All |
| Application | Apache | Http Server | 1.3.68 | All | All | All |
| Application | Apache | Http Server | 1.3.7 | All | All | All |
| Application | Apache | Http Server | 1.3.8 | All | All | All |
| Application | Apache | Http Server | 1.3.9 | All | All | All |
| Application | Apache | Http Server | 1.4.0 | All | All | All |
| Application | Apache | Http Server | 1.99 | All | All | All |
| Application | Apache | Http Server | 2.0 | All | All | All |
| Application | Apache | Http Server | 2.0.28 | All | All | All |
| Application | Apache | Http Server | 2.0.32 | All | All | All |
| Application | Apache | Http Server | 2.0.32 | beta | All | All |
| Application | Apache | Http Server | 2.0.34 | beta | All | All |
| Application | Apache | Http Server | 2.0.35 | All | All | All |
| Application | Apache | Http Server | 2.0.36 | All | All | All |
| Application | Apache | Http Server | 2.0.37 | All | All | All |
| Application | Apache | Http Server | 2.0.38 | All | All | All |
| Application | Apache | Http Server | 2.0.39 | All | All | All |
| Application | Apache | Http Server | 2.0.40 | All | All | All |
| Application | Apache | Http Server | 2.0.41 | All | All | All |
| Application | Apache | Http Server | 2.0.42 | All | All | All |
| Application | Apache | Http Server | 2.0.43 | All | All | All |
| Application | Apache | Http Server | 2.0.44 | All | All | All |
| Application | Apache | Http Server | 2.0.45 | All | All | All |
| Application | Apache | Http Server | 2.0.46 | All | All | All |
| Application | Apache | Http Server | 2.0.47 | All | All | All |
| Application | Apache | Http Server | 2.0.48 | All | All | All |
| Application | Apache | Http Server | 2.0.49 | All | All | All |
| Application | Apache | Http Server | 2.0.50 | All | All | All |
| Application | Apache | Http Server | 2.0.51 | All | All | All |
| Application | Apache | Http Server | 2.0.52 | All | All | All |
| Application | Apache | Http Server | 2.0.53 | All | All | All |
| Application | Apache | Http Server | 2.0.54 | All | All | All |
| Application | Apache | Http Server | 2.0.55 | All | All | All |
| Application | Apache | Http Server | 2.0.56 | All | All | All |
| Application | Apache | Http Server | 2.0.57 | All | All | All |
| Application | Apache | Http Server | 2.0.58 | All | All | All |
| Application | Apache | Http Server | 2.0.59 | All | All | All |
| Application | Apache | Http Server | 2.0.60 | All | All | All |
| Application | Apache | Http Server | 2.0.9 | All | All | All |
| Application | Apache | Http Server | 2.1 | All | All | All |
| Application | Apache | Http Server | 2.1.1 | All | All | All |
| Application | Apache | Http Server | 2.1.2 | All | All | All |
| Application | Apache | Http Server | 2.1.3 | All | All | All |
| Application | Apache | Http Server | 2.1.4 | All | All | All |
| Application | Apache | Http Server | 2.1.5 | All | All | All |
| Application | Apache | Http Server | 2.1.6 | All | All | All |
| Application | Apache | Http Server | 2.1.7 | All | All | All |
| Application | Apache | Http Server | 2.1.8 | All | All | All |
| Application | Apache | Http Server | 2.1.9 | All | All | All |
| Application | Apache | Http Server | 2.2 | All | All | All |
| Application | Apache | Http Server | 2.2.0 | All | All | All |
| Application | Apache | Http Server | 2.2.1 | All | All | All |
| Application | Apache | Http Server | 2.2.10 | All | All | All |
| Application | Apache | Http Server | 2.2.11 | All | All | All |
| Application | Apache | Http Server | 2.2.12 | All | All | All |
| Application | Apache | Http Server | 2.2.2 | All | All | All |
| Application | Apache | Http Server | 2.2.3 | All | All | All |
| Application | Apache | Http Server | 2.2.4 | All | All | All |
| Application | Apache | Http Server | 2.2.6 | All | All | All |
| Application | Apache | Http Server | 2.2.7 | All | All | All |
| Application | Apache | Http Server | 2.2.8 | All | All | All |
| Application | Apache | Http Server | 2.2.9 | All | All | All |
| Application | Apache | Portable Runtime | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update - April 2013 | CONFIRM | www.oracle.com | |
| Pony Mail! | | lists.apache.org | |
| Pony Mail! | MLIST | lists.apache.org | |
| '[security bulletin] HPSBMU02753 SSRT100782 rev.1 - HP Business Availability Center (BAC) Running Apa' - MARC | HP | marc.info | |
| Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability | BID | www.securityfocus.com | Patch |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Bug 47645 – httpd-2.2.12 often hangs for hours | CONFIRM | issues.apache.org | |
| Support / Security / Advisories / / MDVSA-2013:150 \| Mandriva | MANDRIVA | www.mandriva.com | |
| 404 Not Found | CONFIRM | www.apache.org | Vendor Advisory |
| SecurityTracker.com Archives - Apache Solaris Support Code Bug Lets Remote Users Deny Service | SECTRACK | securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2010-02-23 | Joshua Bressers | This flaw does not affect the version of APR shipped in Red Hat Enterprise Linux. This flaw affected JBoss Enterprise Web Server running on the Solaris platform. Updated httpd packages are available for download from Customer Support Portal: https://support.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver&downloadType=securityPatches&version=1.0.0 |
| Apache | 2010-01-21 | Mark Cox | Clarification 1: This issue only affects Solaris 10 and OpenSolaris. Other versions of Solaris and non-Solaris platforms are not affected. Clarification 2: This issue only affects 2.2.x versions of Apache HTTP Server, APR 1.1 through 1.3.8. APR 0.9.x is not affected. |
There are currently no legacy QID mappings associated with this CVE.