CVE: CVE-2009-2699

Export to Word

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.08727
Percentile: 0.92086

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-667 : Improper Locking

All CAPEC(s)

CAPEC-25: Forced Deadlock
CAPEC-26: Leveraging Race Conditions
CAPEC-27: Leveraging Race Conditions via Symbolic Links

CAPEC(s) with Mapped TTPs

CAPEC-25: Forced Deadlock
Mapped TTPs:
- T1499.004 : Application or System Exploitation

Mapped ATT&CK TTPs

T1499.004 : Application or System Exploitation
Kill Chain: impact

Malware

Industroyer

APTs Threat Group Associations

Campaigns

Affected Products

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*

← Back to Home