CVE ID
CVE-2009-1955
DESCRIPTION
A denial-of-service flaw was found in the Extensible Markup Language (XML) parser of the bundled copy of the APR-util library. A remote attacker could create a specially crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.
Severity: moderate
Unitrends could be vulnerable to this, but crafting the exploit requires a great deal of expertise. The attacker would also need network access to the Unitrends system. No data would be affected, but the attack could slow down the system.
RESOLUTION
The CentOS 6.5 distribution already contains the fix.
Resolved in:
- For CentOS 6, the distribution already contains this fix.
- For CentOS 5, apr-util-1.2.7-11.el5_5.2 or later has this fix, and Unitrends appliances should already have apr-util-1.2.7-7.el5_3.2.
- Upstream Apache httpd 2.2.12