Improper Locking

CVE-2009-2699

High

7.5/10

Summary

The Solaris pollset feature in the Event Port backend in "poll/unix/port.c" in the Apache Portable Runtime (APR) library 1.1.0 through 1.3.8, as used in the Apache HTTP Server 2.2.x through 2.2.13 and other products, does not properly handle errors, which allows remote attackers to cause a Denial of Service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-667 - Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Oct 13, 2009

Improper Locking

CVE-2009-2699

Summary

CWE-667 - Improper Locking

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS